To ban and/or block any client manually, first go to Site > Security to classify and add client mac addresses as Banned clients. You can now do this for a specific site or the entire ORG.
Either manually enter MAC Addresses or upload a file with the list of MACs.
Or from API, we can make PUT request under – sites/:site_id/setting/blacklist with payload of mac addresses
{"macs":["<<>>","<<>>"]}
Next, navigate to Site > WLANs to enable “Prevent banned clients from associating” in the Security section
Banned clients will not be able to connect the particular SSID even after providing a correct PSK. Client events generated will be “802.11 Auth Denied”
Note: If the client is already connected to the SSID and
- The SSID later enabled the security option to Ban the client, or
- The client was classified as Banned but SSID enabled the security option to Ban later
The connected client will get disconnected from the SSID.
If a client is removed from the banned list or if the SSID disabled manual banning clients, then client will be able to reconnect to SSID.
Learn more about Rogue Clients Detection and Classification here: https://www.mist.com/documentation/rogue-clients-detection/