Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Mac Block issues

  • 1.  Mac Block issues

    Posted Aug 22, 2012 06:30 PM

    Hello.

    I have been blocking MACs successfully for some time now using: (Aruba6000-Main) # stm add-blacklist-client XX:XX:XX:XX:XX:XX from the CLI. Typing (Aruba6000-Main) # show ap blacklist-clients would show Remaining time Permanent. This now comes up with Remaining time 3600 and is only blocked for 3600 seconds. Any ideas of what changed? Also, would the blacklisted clients list empty on controller reboot? Thanks for your help.




  • 2.  RE: Mac Block issues
    Best Answer

    EMPLOYEE
    Posted Aug 22, 2012 09:10 PM

    In the Virtual AP, there is a blacklist timer. If a client is connected to that Virtual AP when you blacklist it, the remaining time would be the Virtual AP timer. If the client is NOT connected, it is permanent.

    ArubaOS 6.x made the blacklist timer survive a reboot.



  • 3.  RE: Mac Block issues

    Posted Aug 23, 2012 12:03 PM

    Got it. Boot them off first, then block them. Thank you.



  • 4.  RE: Mac Block issues

    Posted Oct 19, 2012 11:24 AM

    Hello.

    Each time the Aruba controller reboots, the blacklist disappears... I'm using ArubaOS (MODEL: Aruba2400), Version 3.3.1.5.

    Do you know in which OS version the blockages stay even if we reboot the controller?

    Thank you in advance.



  • 5.  RE: Mac Block issues

    EMPLOYEE
    Posted Oct 19, 2012 11:48 AM
    6.1


  • 6.  RE: Mac Block issues

    Posted Dec 12, 2012 01:20 PM

    I was running into this same situation and I changed the timeout value in the GUI, but my blacklisted clients were still set to 3600 seconds. In order to make this a permanent blacklist, I had to go into the controller's command line and use the ap ap-blacklist-time 0 command. After that, all my blacklisted clients were perm.



  • 7.  RE: Mac Block issues

    Posted Jan 17, 2013 09:00 AM

    I believe it comes into play when a client is not associated with a VAP, so the default controller time is implemented. This has to be done for each local controller. It's not pushed down from the master. I haven't seen a place in the GUI to set this value.