Controller-less WLANs

What are the different client blacklisting features available on Instant AP and how to configure them?

Introduction :

 

Unlike Wired networks, wireless access spans across physical boundaries and thereby client blacklisting becomes significant feature to keep the unauthorized users from associating to the network. The following types of client blacklisting are available in Instant:
 
  • Manual Blacklisting
  • Authentication Failure Blacklisting
  • Session Firewall Based Blacklisting

Feature Notes :

 

Authentication failure blacklisting takes place only when blacklisting is enabled in authentication settings of an SSID

 

Environment : This article applies to Aruba Instant Access Points.

 

Network Topology : Wireless clients association to Aruba Instant Access Points.

 

Configuration Steps :

 

Following is the configuration steps for different client blacklisting features of Instant AP:

 

 

Manual Blacklisting:

 
  1. Login to Web interface of Instant cluster
  2. Click on "Security" from the main-menu
  3. On the "Backlisting" tab, add the MAC address of the client to be blacklisted. These clients are permanently blacklisted.

User-added image

 

Authentication Failure Blacklisting:


This method is applicable only where authentication request is generated to internal server or external auth server.
  1. Login to Web interface of Instant cluster.
  2. Select the SSID from the list and click on "Edit"
  3. Move to "Security" and enable the "Blacklisting" under authentication settings.
Mention the no. of authentication failures. (Range:  0 - 10)
 

User-added image

The duration that this user is blacklisted can be configured. As below:User-added image

Session Firewall Based Blacklisting:


This method is used to blacklist a authorized user when an unexpected traffic is seen.As the user session hits the ACL, the user is blacklistedand is de-authenticated.

 
  1. Login to Web interface of Instant cluster.
  2. Click on "Security" from the main-menu
  3. On the "Roles" tab, edit the existing ACl create a new one.User-added image

Verification : Blacklisted clients can be verified on IAP Web interface as well as in command line:

 

On Web Interface:User-added image

On Command Line:User-added image

NOTE: The reason column indicates the method that the is client is blacklisted.

 

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 07:53 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.