Security

Reply
New Contributor
Posts: 2
Registered: ‎06-04-2012

Mac Block issues

Hello.

 

 I have been blocking macs successfully for sometime now using: (Aruba6000-Main) # stm add-blacklist-client XX:XX:XX:XX:XX:XX  from the CLI.      Typing (Aruba6000-Main) #  show ap blacklist-clients  would show Remaining time Permanent.  This now comes up with Remaining time 3600 and is only blocked for 3600 seconds.  Any Ideas of what changed?  Also would blacklisted clients list empty on controller reboot?  Thanks for your help

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Mac Block issues

In the Virtual AP, there is a blacklist timer.  If a client is connected to that Virtual AP when you blacklist it, the remaining time, would be the virtual AP timer.  If the client is NOT connected, it is permanent.

 

ArubaOs 6.x made the blacklist timer survive a reboot.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 2
Registered: ‎06-04-2012

Re: Mac Block issues

Got it.  Boot them off first than block them.  Thank you

New Contributor
Posts: 1
Registered: ‎10-19-2012

Re: Mac Block issues

Hello. 

 

Each time the aruba controller reboots the blacklist disappears... im using the ArubaOS (MODEL: Aruba2400), Version 3.3.1.5.

 

Do you know in which OS version the blockages stays even if we reboot the controller?

 

Thank you in advance.

Guru Elite
Posts: 19,995
Registered: ‎03-29-2007

Re: Mac Block issues

6.1
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 16
Registered: ‎09-06-2012

Re: Mac Block issues

I was running into this same situation and I changed the timeout value in the gui, but my blacklisted clients were still set to 3600 seconds. In order to make this a permanent blacklist, I had to go into the controllers command-line and use the ap ap-blacklist-time 0 command. After that all my blacklist clients were perm.

Occasional Contributor II
Posts: 11
Registered: ‎10-01-2007

Re: Mac Block issues

I believe it comes into play when a client is not associated with a vap, so the default controller time is implemented. This has to be done for each local controller. It's not pushed down from the master. I haven't seen a place in the gui to set this value.

Search Airheads
Showing results for 
Search instead for 
Did you mean: