Meraki

Community

Block a device from connecting or access an AP

JimDeLuca
New here
‎Feb 14 2023 7:52 AM
‎Feb 14 2023 7:52 AM

Block a device from connecting or access an AP

 We have a student device that is in our block policy and also block in AD from getting a DHCP IP address. We have also blocked the VPNs the student wants to use. However, this device is still causing issues. When he attempts to connect to our wireless he will take the AP down.  He took down two this morning.

 

Not sure if there is anything we can do other than banning the device from school porperty.

0 Kudos
5 Replies 5
KarstenI
Kind of a big deal
Kind of a big deal
‎Feb 14 2023 7:59 AM
‎Feb 14 2023 7:59 AM

I would open a support case. A client connecting to an AP definitely shouldn't take that AP down.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
JimDeLuca
New here
‎Feb 14 2023 8:01 AM
‎Feb 14 2023 8:01 AM

We did open a support case.  Waiting to hear from them was hoping some one had a similar situation and a solution

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 14 2023 8:51 AM
‎Feb 14 2023 8:51 AM

There's no way he's doing a DDose by sending deauthentication probes or anything like that.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 14 2023 10:16 AM
‎Feb 14 2023 10:16 AM

Personally, I think this is foremost an "HR" issue and secondly a technical one.  I would probably take a step further than just banning the device.  The core issue is the human, so I would be trying to address the human issue directly.

 

I don't know which country you are in - but in most jurisdictions it is an an offence to deliberately cause disruption to someone else in the public ISM bands (which is what WiFi uses).

 

You can check this for your country, and warn the student that they are committing an offence, and the school may lay charges against them.  I'm guessing the school has a policy for students who break the law in the school grounds?

 

My personal guess is that @alemabrahao is right, and this is most likely to be a de-auth style attack.  There is very little you can do technically about this.

About your only option is to enable 802.11w (management frame protection) - HOWEVER - many IoT style devices and low-end phones have broken 802.11w implementations - and will experience all kinds of issues.  Computers generally do support 802.11w.

https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/802.11w_Management_Frame_Protect... 

In response to PhilipDAth
RaphaelL
Kind of a big deal
Kind of a big deal
‎Feb 14 2023 11:12 AM
‎Feb 14 2023 11:12 AM

That's far fetched but someone 'could' be exploiting CVE-2022-33279 which 29.5.1 fixes ,but the odds are very very slim.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.