Hi all,
i want to deny mac-based a wifi (cisco APs) guest client to use any network service including http/s like described in this thread:
Web Protection Forum
After some reading and testing it looks like it is not possible to define a mac-based web protection rule to block the devive so i had a new idea.
I define only a small DHCP range for our wifi guests, for example
10.22.0.1 - 10.22.0.200
At the web protection module and the https firewall rule i only set this range to allowed. Now my idea was if i want to block one of this clients i change his ip to static:
network services -> dhcp -> ipv4 lease table -> "+Make static"
Now set for example 10.22.0.201 which has no network-rights and all is fine.
But the Problem is, of course i can define a mac based host in this way but this has no effect to the ipv4 lease table. The Client i want to block still has his old ip.
It would be great if anyone has an idea how to solve this or the following main Problem.
I want to block a guest-client which get his ip by dhcp for all traffic including http, the Client gets http access because of a web protection (web filtering) rule which point to the dhcp-range the client is using.
Regards, Abyss_X
This thread was automatically locked due to age.
