Security

Reply
New Contributor

Mac Block issues

Hello.

 

 I have been blocking macs successfully for sometime now using: (Aruba6000-Main) # stm add-blacklist-client XX:XX:XX:XX:XX:XX  from the CLI.      Typing (Aruba6000-Main) #  show ap blacklist-clients  would show Remaining time Permanent.  This now comes up with Remaining time 3600 and is only blocked for 3600 seconds.  Any Ideas of what changed?  Also would blacklisted clients list empty on controller reboot?  Thanks for your help

Guru Elite

Re: Mac Block issues

In the Virtual AP, there is a blacklist timer.  If a client is connected to that Virtual AP when you blacklist it, the remaining time, would be the virtual AP timer.  If the client is NOT connected, it is permanent.

 

ArubaOs 6.x made the blacklist timer survive a reboot.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
New Contributor

Re: Mac Block issues

Got it.  Boot them off first than block them.  Thank you

New Contributor

Re: Mac Block issues

Hello. 

 

Each time the aruba controller reboots the blacklist disappears... im using the ArubaOS (MODEL: Aruba2400), Version 3.3.1.5.

 

Do you know in which OS version the blockages stays even if we reboot the controller?

 

Thank you in advance.

Guru Elite

Re: Mac Block issues

6.1
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Mac Block issues

I was running into this same situation and I changed the timeout value in the gui, but my blacklisted clients were still set to 3600 seconds. In order to make this a permanent blacklist, I had to go into the controllers command-line and use the ap ap-blacklist-time 0 command. After that all my blacklist clients were perm.

Occasional Contributor II

Re: Mac Block issues

I believe it comes into play when a client is not associated with a vap, so the default controller time is implemented. This has to be done for each local controller. It's not pushed down from the master. I haven't seen a place in the gui to set this value.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: