ClearPass Recipes

Blacklist a user on an Aruba Controller

Aruba Employee

The Aruba controller can blacklist users at Layer 1, not even letting them connect. Based on conditions in ClearPass, it may be a valued option to blacklist a user at Layer 1, i.e., if they are known to have a vulnerability, or they have exhausted their amount of time/bandwidth.

AH contributor: Austin


  • Technology Integration

    Blacklist a user on an Aruba Controller via ClearPass policy

  • Cloud Deployment

    On Premise

  • API Documentation

Administration -> External Servers -> Endpoint Context Servers

Select Server Type

Generic HTTP

Server Name

<Your integration name>

On-Premise based URL



<Not Applicable>


<Not Applicable>

Administration -> Dictionaries -> Context Server Actions

Action Tab

Server Type

Generic HTTP

Server Name

<Select your integration name>

Action Name

<Describe the action>

HTTP Method




Content Tab




xml=<aruba command="user_blacklist"> <ipaddr>%{Radius:IETF:Framed-IP-Address}<macaddr>%{Connection:Client-Mac-Address-Colon}</macaddr> <name>%{Authentication:Full-Username}</name> <key>Shared_Key</key> <authentication>MD5|SHA-1|cleartext</authentication> <version>1.0</version> </aruba>

Tips & Tricks

Need to configure the XML source in the AAA profile of the controller and set a key, use that key in the payload with the appropriate type.
Version history
Revision #:
7 of 7
Last update:
‎11-06-2014 10:18 PM
Updated by:
Labels (2)
chris tagg

is there any way to do the same thing for a Cisco AP environment?!

Do Cisco controllers have an open API? My gut says Cisco being Cisco, it's probably a not so open API
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.