The number of clients to be blocked has reached the limit ISSUE

The number of clients to be blocked has reached the limit ISSUE
The number of clients to be blocked has reached the limit ISSUE
2022-01-04 08:01:32

Hi Guys!

 

I would like to ask for your help. I'm using Omada hardware controller, a TP-Link 605 Router and more than 10 EAP in our school.

 

There is a wifi which our teachers use. However a lot of students getting the password. We are blocking them to use the wifi, however lately I'm getting the following message:

 

"The number of clients to be blocked has reached the limit."
 
I looked at the blocking list, there are 500 blocked client. So is there way to block more than 500 clients (student) from network other than use MAC filtering?
  0      
  0      
#1
Options
7 Reply
Re:The number of clients to be blocked has reached the limit ISSUE
2022-01-05 08:28:40

Dear @rg.kszi ,

 

rg.kszi wrote

I would like to ask for your help. I'm using Omada hardware controller, a TP-Link 605 Router and more than 10 EAP in our school.

There is a wifi which our teachers use. However a lot of students getting the password. We are blocking them to use the wifi, however lately I'm getting the following message:

"The number of clients to be blocked has reached the limit."
I looked at the blocking list, there are 500 blocked client. So is there way to block more than 500 clients (student) from network other than use MAC filtering?

 

Actually the EAP can only set the maximum of 500 MAC Filters per SSID.

What about setting the Allow List for all teachers?

 

Best Regards!

If this was helpful click the Triangles button below. If this solved your issue, please mark it "Recommended Solution" to help others.
  0  
  0  
#2
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-01-07 06:54:57

@rg.kszi For me, It would be much easier just to block an unwanted client from the network, instead of dealing with MAC address lists (allow or not) that's why I'm looking for a solution which allows me to block more than 500 clients from the network. :)

 

Is there a hope TP-Link raises or (deletes) this limit in the future?

  0  
  0  
#3
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-01-14 10:47:35
You could change the WiFi password and communicate it to the teachers. But probably it is time to look for a better authentication mechanism bbased on logging on with a more authoritative identity than the WiFi password. Using the logon/email address of teachers to logon to the network sounds like a more robust method. The downside of this solution is that you will need to provide another authentication option like using RADIUS or a portal. But doing nothing is not an option anyway.
  0  
  0  
#4
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-06-24 08:41:36

  @Hank21 

 

Because of this limitation we started using MAC filtering but it has also a limitation as you wrote. We put around 230 MAC address to the allow list and it is growing. I hope someday Omada can raise this 500 limit to 1000 or 2000. :)

  0  
  0  
#5
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-06-24 12:39:33 - last edited 2022-06-24 12:44:30

  @rg.kszi you should configure load balancing and set max. devices per eap device, overcrowded ap's, thats simple to resolve, just add the amount which you need. As example, according to tp-link, eap610 can handle 100 cilents, eap620hd ten times more (cant confirm). What I trying to say is that you simply need few more devices according to your calculation, you could also replace those overcrowded with some ceiling mount device which can handle required number of clients.

 

As a student, I would never give you my mac address (at least not real one), you are creating time consuming task for nothing, some portal authentification would probably be better solution, including the fact that teachers and students should not be in same network and I will give you example and own story why. When I was in school, our math lessons were on computer and we had one exam consisting of 4x40 minutes, where the fastest finished normally after 80 minutes. I did not visit the class for months where my teacher told "You can just print empty paper and leave the class, that will be ok". I said it was a little arrogant from teacher to assume I missed the class because I do not know anything instead of thinking that I am not visiting it because I have the knowledge, however, I agreed, opened finished exam from his pc and printed it 100% correctly, few minutes after I left my math teacher was running after asking how it was possible to finish the exam within one minute. I still got best degree and they did not want anybody to know about their failure, since then they asked me to always sit in class and not participate on exams on computers, my task was to check exams for errors.

 

Hope that helps

  0  
  0  
#6
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-06-24 12:42:12 - last edited 2022-06-24 12:45:23

  @rg.kszi 

 

I'd change the password so that those not authorized will not know it.  If the changed password keeps being leaked, find the source of the leakage and correct that issue.  Trying to solve this with any other technological method seems to be overcomplicated and likely doomed to fail.

  0  
  0  
#7
Options
Re:The number of clients to be blocked has reached the limit ISSUE
2022-06-24 12:47:46 - last edited 2022-06-24 12:48:32

lflorack wrote

  @rg.kszi 

 

I'd change the password so that those not authorized will not know it.  If the changed password keeps being leaked, find the source of the leakage and correct that issue.  Trying to solve this with any other technological method seems to be doomed to fail.

  @lflorack for school and educational institution access to network is normally resolved in different ways, mostly connected to the students data (like number, email, name, etc.). Those who are not students and not working, those should get max. guest network access which is isolated from anything and you can dedicate few ap's just for that to ensure overloaded guest network does not bring ap's required for students and teachers to its knees. I guess school should engage some IT company for either consulting or consulting and implementation, otherwise it will be costly and time consuming journey.

  0  
  0  
#8
Options