Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
When a client is added to the blacklist manually or by the system, if the client is associated to a virtual AP (VAP), the blacklist time is taken from the profile of the corresponding VAP. More specifically, if the client was blacklisted because of an authentication failure, then the auth-failure-blacklist-time from the VAP profile is used. If the client was blacklisted for any other reason (including manually), then the blacklist-time from the VAP profile is used. Both of these profile parameters default to 3600. For associated clients to be blacklisted permanently, either of these values can be set to 0.
When a client is blacklisted manually, either the client is known to the controller (associated to an AP) or the client is unknown to the system.
If the client being blacklisted is associated to an AP, then the value specified on the VAP profile (corresponding to the SSID to which the client is associated) is used. If the client is not associated to a VAP or is unknown to the system, then no profile value can be used, and the client is blacklisted permanently.