Introduction to Ray Whitelists:




In this article we are going to talk about Whitelists and how Whitelists are used and configured in Ray.


What is a Whitelist?


Am sure  some of you have heard the term whitelist being used somewhere or might have used whitelists your selves in your networks. But what exactly are whitelists and how do they work.?


A Whitelist is a network access or cyber security stategy that works on the priniciple of denying every client device from connecting to and accessing a computer or a network by default, and strictly allowing a list of client devices that have been approved and defined in a list compiled by the network administrator. 


The whitelisting of client devices can be approved and done by using a client IP address, MAC address, User ID, domain or email address.


Whitelists operate on the opposite principles of Blacklists. The difference between Whitelists and Blacklists is that Blacklists permit every client device onto the network and only deny network access to the client devices that have been added to the blacklist by a network administrator  while Whitelists Deny every client device access to the network by default and only pemit network access to the client devices that have been implicitly approved and added to the Whitelist by a network administrator.


Important Note: Blacklists and Whitelists cannot be together or alongside each other on the same network. This due to the opposing priniciples that Whitelists and Blacklists use. Therefor the option to use a whitelist is only available when there is no blacklist in use.





HOW TO WHITELIST DEVICES IN RAY:


We have explained what whitelists are and the how Whitelists work in the above section. we have also explained the difference between Whitelists and Blacklists. 

We are now going to show you how setup whitelists in Ray.


CAUTION !!!: Please properly plan and have your list of client devices you want to add to your Whitelist ready. As explained in above section, a network that has a Whitelist will deny access to all devices by default and only permit devices in the whitelist access. There for adding one Client device to whitelist, will automatically turn network to A whitelist network therefor denying all other connected devices access to the network.


Unlike blacklists, whitelists can be implemented and are recommended to be setup during initial network deployment.





Steps to Enable whitelists when on a new network:


After creating your Wlan profile, you need to click on the Whitelist/Blacklist tab on your new Wlan profile



Steps to follow:


To enable whitelisting of clients, we need to go to the 

Profiles tab in controller-->, navigate to available profiles---> click on Wlan sub-menu----> On the list of Available Wlan profiles, we need to click on the actions menu button next to our Wlan profile. in this example Ray.  

On the actions popup box, we shall select view:.


  Summary of steps:

  1. Profiles
  2. Available profiles
  3. Wlan
  4. Select the wlan profile you want to enable whitelisting of users and click action menu
  5. On action menu popup select view.



See Image of screenshots describing the above steps below:





On completing the above steps and clicking the view action from the Ray Wlan profile,  A Popup window will show up with the detials of our Ray Wlan profile.


To enable our Whitelist, we need to click on the Whitelist/Blacklist tab highlighted with a green rectange  and labelled step 1 in image below.


Next we need to click on the enable checkbox highlighted by green star marker and labelled as step 2 as shown in image below.



See Image of screenshots describing steps 1 and 2 mentioned above :






On completing above steps 1 and 2 above as illustrated in image above, the enable checkbox will enable field for entering our Whitelist device names and MAC address entries. in this example we are going to use the client device hemal-ThinkPad-L430 with the MAC Address of b8:76:3f:d2:ce:14  the cluster id field is an optional field. see this whitelist entry illustrated as step 3 in image below.


See Image of screenshots showing step 3 above:





On completing the above 3 steps on a new Wlan profile, we would have successfully enabled whitelisting on the Ray network profile illustrated above. 



Info:From this point onwards, no client device will be able to connect and communicate or use this networks resources without 1st being added to this Whitelist using their device and MAC Address by the network administrator.


Sometimes whitelists could be called a MAC address filter although there are very slight differences between MAC address filtering and Whitelists based on the Vendors technology.




Steps to Enable Whitelists on existing Ray networks:


In order to enable whitelisting on a network with client devices in Ray,  

From our Ray cloud controller we need to navigate to the Clients tab then make sure we are on the Devices sub-menu as highlighted in step 2 of image below. 

Next we need to identify the device we would like to Approve by adding it to our Whitelist.  For purposes of illustration, in this example from our list of Client devices connected to our network, we are going to use client device with name of  hemal-ThinkPad-L430 MAC address of b8:76:3f:d2:ce:14  


Note:

Due to how whitelists work,adding a client device to a whitelist will by default enable whitelisting on this network and coz all the other devices to be blacklisted. remember device is either whitelisted or blacklisted. It can never be both. 
On an existing network all network devices will have to be added to whitelist once a single device gets added to the whitelist. Otherwise devices not on white list wont have access to the network



Step 3 will be clicking the action button next to Client device of hemal-ThinkPad-L430The action button is indicated by 3 dots and highlighted by circle in step 3 as shown in image below.



See Image of screenshots showing above steps 1,2 & 3:







STEP 4:


On successfully following and completing Steps 1 to 3, clicking on the action button will present a pop-up box with a list of actions. Select the add to Whitelist action with a Padlock icon which is highlighted by a rectangle and shown as step 4 in image below..


See Image of screenshot showing the above step 4:



To complete step 4 above a confirmation pop box with a warning about the effects of enabling the whitelist will popup if you have understood and want to proceed, type the word Confirm in the entry field labelled in step 5. 

Note the word entry field is case sensitive.

See image of this step below.






See Image of screenshot and confirmation box of Step 5:



On completing this step, you would have successfully enabled Whitelists on your network.




You can identify Whitelisted devices by looking at the devices name and MAC address. Whitelisted devices names will be listed in italics  font at the Clients device tab.

See hemal-ThinkPad-L430  client device listed in italic font in image below. we have underlined hemal-ThinkPad-L430  device and MAC address b8:76:3f:d2:ce:14   to show the italic fonts used to identify whitelisted devices.




See Image of screenshot below showing hemal-ThinkPad-L430  in Italic fonts:




This marks the end of article about Whitelists in Ray.



 Check out our article about Blacklists in Introduction to Ray Blacklists




We hope this article was helpful?





Thank you


Kind regards,
Ray Support
www.ray.life