Frequent Contributor II
Posts: 143
Registered: ‎07-27-2012

Clients blacklisted after 1 failed auth

Hi:

I'm having a few problems with our new 802.1x rollout. I'm using ClearPass with 3400 controllers.

 

Users are getting blacklisted after one failed authentication. This could happen if they roam between controllers, or if an AD auth fails for some reason.

 

Can someone comment on best practices in setting up blacklisting? Do I need to use it at all?

I'm guessing that there's some interaction between blacklisting and users getting locked out of AD during a password change?

What are other gotchas?

Can I blacklist some networks and not others, or at least have different settings?

 

My current setup is unusable.

 

Thanks for the help,

Tony

 

 

Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: Clients blacklisted after 1 failed auth

I would remove blacklisting for now.

 

It is best used when the threshold is below a user's AD lockout count.  802.1x supplicants submit authentications multiple times and can easily get a device blacklisted as a result.

 

I would get a stable network and then determine how blacklisting fits into it.

 



Colin Joseph
Aruba Customer Engineering
