Site Allow List/Deny List

Enforce Site-Level Control Over RF Association

Configure Client Access Lists for clients at the site level. For more information, see Client Address Protection Lists.

Enforce Client Address Protection

Protect critical network resources from MU clients by creating an Allow List of Address Resolution Protocol (ARP) IPv4 addresses for network routers, gateway servers, and other critical servers. ExtremeCloud IQ Controller assigns the Quarantine Role to clients that use a reserved IPv4 address from this configured list and logs an entry indicating that the restricted IP address was hit.

For information on adding addresses to the Allow or Deny lists, see Client Address Protection Lists.

The Critical IP Address List is configured per site. The list applies to all clients in the site. When a client uses a protected IP address, the following takes place:

• All Address Resolution Protocol (ARP) traffic from that client is blocked.
• The client is assigned to the Quarantine Role, and it remains on Quarantine until the client is disassociated from the network.
• The following event log is generated:

  Usage of reserved IP address detected. Client [], IP address []. Client will be assigned role Quarantine.

  To view event logs, go to Tools > Logs > Events.

Note

Changes to the Enforce Client Address Protection configuration apply only to new client registrations. Adding and removing IP addresses from the Critical IP Address List does not affect the state of the connected clients. To enforce or remove enforcement of a pre-existing client session, remove the session from the system by disassociating the client. Then, when you reassociate the client, it is processed according to the latest state of the Critical IP Address List.