Environment: This article applies to Aruba Mobility Domain with ArubaOS.
Sometimes a client has trouble connecting to an SSID and the cause is not obvious to the WLAN administrator. The first place an administrator should look is the output of the following CLI command, to see whether the MAC address of the client is listed:
"show ap blacklist-clients"
There are several reasons why a client gets blacklisted. For example, a client can be blacklisted when you enable Aruba intrusion detection system (IDS) features that detect suspicious activity, such as MAC address spoofing or DoS attacks.
The reasons a client can be blacklisted are listed below:
- user-defined: User was blacklisted because of blacklist criteria defined by the network administrator.
- mitm-attack: Blacklisted for a man in the middle (MITM) attack; impersonating a valid enterprise AP.
- ping-flood: Blacklisted for a ping flood attack.
- session-flood: Blacklisted for a session flood attack.
- syn-flood: Blacklisted for a SYN flood attack.
- session-blacklist: User session was blacklisted.
- IP spoofing: Blacklisted for sending messages using the IP address of a trusted client.
- ESI-blacklist: An external virus detection or intrusion detection application or appliance blacklisted the client.
- CP-flood: Blacklisted for flooding with fake AP beacons.
- UNKNOWN: Blacklist reason unknown.
You can configure the duration that clients are blacklisted on a per-SSID basis via the virtual AP profile. There are two different blacklist duration settings:
- For clients that are blacklisted due to authentication failure. By default, this is set to 0 (the client is blacklisted indefinitely).
- For clients that are blacklisted due to other reasons, including manual blacklisting. By default, this is set to 3600 seconds (one hour). You can set this to 0 to blacklist clients indefinitely.
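
The check described above can be scripted against saved command output. The following is an added example, not part of the original article or of any Aruba tooling: it looks up a client MAC in the output of show ap blacklist-clients and reports the reason and whether the entry expires. The four-column row layout and the non-numeric remaining-time value for indefinite entries are assumptions, and the sample output is constructed.

```python
import re

# Reasons from the article's list that come from attack detection, not admin action.
ATTACK_REASONS = {"mitm-attack", "ping-flood", "session-flood", "syn-flood",
                  "ip-spoofing", "cp-flood"}
# Assumed row layout: <MAC> <reason> <block-time(sec)> <remaining time(sec)>
ROW = re.compile(r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(.+?)\s+(\d+)\s+(\S+)\s*$", re.I)
# Constructed sample output, not captured from a real controller.
SAMPLE = """\
Blacklisted Clients
-------------------
STA                reason        block-time(sec)  remaining time(sec)
---                ------        ---------------  -------------------
02:00:00:aa:bb:01  user-defined  2480             Permanent
02:00:00:AA:BB:02  syn-flood     45               3555
02:00:00:aa:bb:03  IP spoofing   10               3590
"""

def normalize_mac(mac):
    """Accept 02-00-..., 0200.00aa.bb01 or 02:00:... and return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_blacklist(output):
    """Map each blacklisted MAC to its reason and timers; non-table lines are skipped."""
    entries = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            mac, reason, blocked, remaining = m.groups()
            entries[normalize_mac(mac)] = {
                "reason": reason.strip().lower().replace(" ", "-"),
                "blocked_s": int(blocked),
                # Assumption: a non-numeric value means the entry never expires.
                "remaining_s": int(remaining) if remaining.isdigit() else None,
            }
    return entries

def triage(output, client_mac):
    """Answer the admin's first question: is this client blacklisted, and why?"""
    entry = parse_blacklist(output).get(normalize_mac(client_mac))
    if entry is None:
        return {"blacklisted": False}
    return {"blacklisted": True, **entry,
            "attack_detection": entry["reason"] in ATTACK_REASONS,
            "indefinite": entry["remaining_s"] is None}

if __name__ == "__main__":
    for mac in ("02-00-00-AA-BB-02", "0200.00aa.bb01", "02:00:00:aa:bb:99"):
        print(mac, triage(SAMPLE, mac))
```

A client that is absent from the table is not blacklisted, so the connection problem has another cause.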