FortiGate
vanitha
Staff
Article Id 195782
Description
This article explains how to block computers based on MAC address when device identification is used.

Solution
i.) Create a user device (replace 01:12:13:14:15:16 with the MAC address you need to block):

config user device
    edit Test
        set mac 01:12:13:14:15:16
    next
end

The above can also be configured from the GUI: go to User & device -> Device -> Device definition -> Create new, then create the entry for the MAC address.


The following steps need to be configured from the CLI and cannot be configured from the GUI.

ii.) Create a device-access-list and select the above device in it:

config user device-access-list
    edit Black-list
        config device-list
            edit 1
                set device "Test"
                set action deny
            next
        end
    next
end

iii.) Enable the device-access-list under the respective interface:

config system interface
    edit <interface_name>
        set device-identification enable
        set device-access-list Black-list
    next
end
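
Added example (not part of the original article and not Fortinet tooling): a Python script that generates the three CLI stanzas above for a whole list of MAC addresses, normalizing and de-duplicating them and rejecting input that is not a MAC or that could smuggle extra CLI lines. The `blocked-<mac>` device naming, the interface name `port1` and the sample addresses are assumptions made for illustration.

```python
import re

SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-]+")  # no spaces, quotes or newlines


def normalize_mac(raw):
    """Return a MAC as lower-case aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_block_config(macs, interface, list_name="Black-list"):
    """Emit the article's three CLI stanzas for every MAC in `macs`."""
    for value in (interface, list_name):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unexpected name: {value!r}")
    # Normalize first, then de-duplicate while keeping first-seen order.
    unique = list(dict.fromkeys(normalize_mac(m) for m in macs))
    names = ["blocked-" + m.replace(":", "") for m in unique]  # hypothetical naming

    out = ["config user device"]                       # step i
    for name, mac in zip(names, unique):
        out += [f'    edit "{name}"', f"        set mac {mac}", "    next"]
    out += ["end", "config user device-access-list",   # step ii
            f'    edit "{list_name}"', "        config device-list"]
    for idx, name in enumerate(names, start=1):
        out += [f"            edit {idx}",
                f'                set device "{name}"',
                "                set action deny", "            next"]
    out += ["        end", "    next", "end",
            "config system interface",                 # step iii
            f'    edit "{interface}"',
            "        set device-identification enable",
            f'        set device-access-list "{list_name}"',
            "    next", "end"]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample input: three spellings of one MAC plus a second MAC.
    sample = ["01:12:13:14:15:16", "01-12-13-14-15-16",
              "0112.1314.1516", "AA:BB:CC:00:11:22"]
    print(build_block_config(sample, "port1"))
```

Review the generated output before pasting it into the CLI, since step iii changes which devices the interface accepts.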

