Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Problems Blacklisting a Device

  • 1.  Problems Blacklisting a Device

    Posted Sep 13, 2012 11:25 AM

    Sorry to dig up an old post but I'm having some trouble blacklisting.

     

    I have followed the above instructions to try and blacklist a device that's locking out a user's computer (we think it's an iOS device) and I can see two things that have been blacklisted instantly, but I'm trying to test by using an iPad and putting in the wrong credentials (3 times, blacklist failed auth set to 2 times) and it still seems to lock out my AD account and not blacklist me. Is there anything else I can check that's not listed in the previous post?

     

    Thanks.



  • 2.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 13, 2012 12:00 PM

    Are you trying to use authentication blacklisting or manual blacklisting?

     

    Meaning, are you trying to set it to blacklist based on failed authentications, or are you trying to manually stop that device from connecting?

     



  • 3.  RE: Problems Blacklisting a Device

    Posted Sep 13, 2012 12:01 PM

    Hi,

    I'm trying to blacklist based on failed 802.1x authentications, the idea being it blacklists the device before the user's account gets locked out.

    Thanks



  • 4.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 13, 2012 12:14 PM

    Okay.  Here is the checklist for Authentication Blacklisting:

     

    In the Virtual AP, Blacklisting needs to be enabled.

    In the Virtual AP, Authentication Blacklisting time says how long a client that fails authentication blacklisting will be kept off the network (3600 seconds is default).  If you make that Zero, it will be permanent.

    Max Authentication failure number should be set in the 802.1x profile attached to the AAA profile that represents how many authentications you want a device to fail before being blacklisted (zero is the default, which means no authentication blacklisting).

     

    Last but not least, what version of ArubaOS are you using?

     



  • 5.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 03:56 AM

     

    Thanks for the response, I think I have those set (see attached screenshots) and we are on ArubaOS 6.1.3.1 code.

     

     

     

     

     

     



  • 6.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 04:10 AM

    Try setting the blacklist to 1. 

     

    Turn on user debugging:

     

    config t

    logging level debugging user

     

    <try to blacklist>

     

    Type "show log user 50" to see what is going on.

     

     



  • 7.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 04:38 AM

    Sorry to be a pain, could you elaborate on turning on user debugging? It's not something I have ever done before and I'm not sure if I'm following it correctly.

     

    Thanks



  • 8.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 04:40 AM

    In the user table (Monitoring > Controller > Clients) find your device that is having the problem and click on the Debug button.

     

    Next, go to Monitoring > Debug Clients, and then proceed to fail the authentications.

     



  • 9.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 04:49 AM

    Ah OK, thank you. I connected the device to wireless, started debugging, then disconnected and tried to reconnect with an incorrect password. Attached are the logs; they don't mean much to me, I'm afraid.

     

    Thanks

    Attachment(s)

    txt
    log.txt   9 KB 1 version


  • 10.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 05:15 AM

    Okay.  Here is my log below:

     

    Please click on "show references" in your 802.1x profile to ensure that is the correct one referenced.

     

    Below is a blacklist done with authentication failure 1 with an ipad:

     

    Sep 14 04:12:23 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=tyutty MAC=44:2a:60:c3:b8:fe IP=0.0.0.0 auth method=802.1x auth server=eTips
    Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  skipping mac : 44:2a:60:c3:b8:fe, from AP : 0.0.0.0, with authtype : 802.1x
    Sep 14 04:12:23 :522030:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe Station deauthenticated: BSSID=00:1a:1e:82:41:33, ESSID=ACME-TLS
    Sep 14 04:12:23 :522049:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
    Sep 14 04:12:23 :522050:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
    Sep 14 04:12:23 :527000:  <DBUG> |mdns|  mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:44:2a:60:c3:b8:fe, NAME:tyutty, ROLE_NAME:logon
    Sep 14 04:12:23 :501103:  <WARN> |stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: auth-failure
    Sep 14 04:12:23 :501065:  <DBUG> |stm|  Sending STA 44:2a:60:c3:b8:fe message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:c
    Sep 14 04:12:23 :522036:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe Station DN: BSSID=00:1a:1e:82:41:33 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
    Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  MAC=44:2a:60:c3:b8:fe ingress 0x108c (tunnel 12), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  MAC=44:2a:60:c3:b8:fe Send Station delete message to mobility
    Sep 14 04:12:23 :500511:  <DBUG> |mobileip|  Station 44:2a:60:c3:b8:fe, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:33, phy a, VLAN 1000
    Sep 14 04:12:23 :500010:  <NOTI> |mobileip|  Station 44:2a:60:c3:b8:fe, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:33/a
    Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  44:2a:60:c3:b8:fe: station datapath entry deleted
    Sep 14 04:12:23 :501080:  <NOTI> |stm|  Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Denied; STA Blacklisted
    Sep 14 04:12:23 :501000:  <DBUG> |stm|  Station 44:2a:60:c3:b8:fe: Clearing state
    Sep 14 04:12:23 :501105:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Reason STA has left and is deauthenticated
    Sep 14 04:12:23 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 44:2a:60:c3:b8:fe: Clearing state
    Sep 14 04:12:24 :501095:  <NOTI> |stm|  Assoc request @ 04:12:24.264729: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:24 :501097:  <WARN> |stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:12:24 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:12:24 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:24 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:28.942129: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:24 :501100:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc success @ 04:12:28.943210: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:24 :501105:  <NOTI> |stm|  Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Reason STA has left and is deauthenticated
    Sep 14 04:12:24 :501000:  <DBUG> |stm|  Station 44:2a:60:c3:b8:fe: Clearing state
    Sep 14 04:12:24 :501103:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: user-defined
    Sep 14 04:12:24 :501080:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Denied; STA Blacklisted
    Sep 14 04:12:24 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 44:2a:60:c3:b8:fe: Clearing state
    Sep 14 04:12:25 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:12:25 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:25 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:29.982688: 44:2a:60:c3:b8:fe (SN 1258): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:25 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:12:25 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:12:25 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:25 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:30.378050: 44:2a:60:c3:b8:fe (SN 1260): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:25 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:12:26 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:12:26 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:26 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:30.772492: 44:2a:60:c3:b8:fe (SN 1262): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
    Sep 14 04:12:26 :501097:  <WARN> |AP AP125-

     

    And now, with an Android:

     

     

    Sep 14 04:04:05 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=fldoff MAC=10:bf:48:e8:1e:17 IP=0.0.0.0 auth method=802.1x auth server=eTips
    Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  skipping mac : 10:bf:48:e8:1e:17, from AP : 0.0.0.0, with authtype : 802.1x
    Sep 14 04:04:05 :522030:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17 Station deauthenticated: BSSID=00:1a:1e:82:41:21, ESSID=ACME-TLS
    Sep 14 04:04:05 :522049:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
    Sep 14 04:04:05 :522050:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
    Sep 14 04:04:05 :527000:  <DBUG> |mdns|  mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:10:bf:48:e8:1e:17, NAME:fldoff, ROLE_NAME:logon
    Sep 14 04:04:05 :501103:  <WARN> |stm|  Blacklist add: 10:bf:48:e8:1e:17: Reason: auth-failure
    Sep 14 04:04:05 :501065:  <DBUG> |stm|  Sending STA 10:bf:48:e8:1e:17 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:0
    Sep 14 04:04:05 :500511:  <DBUG> |mobileip|  Station 10:bf:48:e8:1e:17, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:21, phy g, VLAN 1000
    Sep 14 04:04:05 :522036:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17 Station DN: BSSID=00:1a:1e:82:41:21 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
    Sep 14 04:04:05 :500010:  <NOTI> |mobileip|  Station 10:bf:48:e8:1e:17, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:21/g
    Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  MAC=10:bf:48:e8:1e:17 ingress 0x108d (tunnel 13), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  MAC=10:bf:48:e8:1e:17 Send Station delete message to mobility
    Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  10:bf:48:e8:1e:17: station datapath entry deleted
    Sep 14 04:04:05 :501080:  <NOTI> |stm|  Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
    Sep 14 04:04:05 :501000:  <DBUG> |stm|  Station 10:bf:48:e8:1e:17: Clearing state
    Sep 14 04:04:05 :501105:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
    Sep 14 04:04:05 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 10:bf:48:e8:1e:17: Clearing state
    Sep 14 04:04:06 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:06 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:06 :501095:  <NOTI> |stm|  Assoc request @ 04:04:06.678868: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:06 :501097:  <WARN> |stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:04:06 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:12.423278: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:06 :501100:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc success @ 04:04:12.424440: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:06 :501105:  <NOTI> |stm|  Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
    Sep 14 04:04:06 :501000:  <DBUG> |stm|  Station 10:bf:48:e8:1e:17: Clearing state
    Sep 14 04:04:06 :501103:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Blacklist add: 10:bf:48:e8:1e:17: Reason: user-defined
    Sep 14 04:04:06 :501080:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
    Sep 14 04:04:06 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 10:bf:48:e8:1e:17: Clearing state
    Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:13.863754: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:14.249761: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:14.638410: 10:bf:48:e8:1e:17 (SN 8): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:04:11 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:11 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:11 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:17.102131: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:11 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    Sep 14 04:04:11 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
    Sep 14 04:04:11 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:11 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:17.487217: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
    Sep 14 04:04:11 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
    

     



  • 11.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 05:22 AM

    That looks a bit different. I can confirm it's the correct profile and the blacklisting does seem to be working, as I now have two devices blacklisted since I reduced it to 1 attempt. The odd thing is the Android and iPad devices I'm testing from are not being blacklisted.

     

    The only thing I can see that could affect it is we recently set up user roles for iOS and Android so we could identify the devices and in the future expand on this. Could that affect it? Can I just ditch those roles if so, as they aren't doing anything?



  • 12.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 05:25 AM

    Do you mean user rules for the DHCP Option?  Remove those and please see if they make a difference.  It should NOT, though;  If they do it is a bug.

     

     



  • 13.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 05:34 AM

    It was part of the DHCP option user rules but removing it didn't make a difference.

     

    Thanks



  • 14.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 05:43 AM

    @sketchmasterx wrote:

    That looks a bit different. I can confirm it's the correct profile and the blacklisting does seem to be working, as I now have two devices blacklisted since I reduced it to 1 attempt. The odd thing is the Android and iPad devices I'm testing from are not being blacklisted.

     

    The only thing I can see that could affect it is we recently set up user roles for iOS and Android so we could identify the devices and in the future expand on this. Could that affect it? Can I just ditch those roles if so, as they aren't doing anything?


    Just so I understand you:

     

    Androids and iPads are NOT being blacklisted.  Every other device is?

     

    Can you upgrade to the latest version of code?

     

     



  • 15.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 05:59 AM

    @sketchmasterx wrote:

    Ah OK, thank you. I connected the device to wireless, started debugging, then disconnected and tried to reconnect with an incorrect password. Attached are the logs; they don't mean much to me, I'm afraid.

     

    Thanks


    In the logs, I don't even see your device failing authentication.  Are you sure you have the right device?  Does the RADIUS server register that the authentication failed?

     



  • 16.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 07:07 AM

    I'm pretty sure it was the right device going by MAC, and I could see the debug log writing stuff as I attempted to sign in. I tried twice and it logged the same wording on both attempts (at bottom of log). I also checked Microsoft Network Policy Server and I can see my failed attempt in the logs: "Network Policy Server discarded the request for a user."

     

    The odd thing is the reason, given as "Reason: An internal error occurred. Check the system event log for additional information."

     

    Still works fine on that device if I sign in correctly. Very strange.

     

    Thanks



  • 17.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 07:11 AM

    Okay,

     

    That could be a different issue.  The controller, however, will ONLY blacklist if it sees an authentication failure, in this situation.  Any other response and it should not blacklist.

     

    Seems like you need to troubleshoot the error message, first.

     



  • 18.  RE: Problems Blacklisting a Device

    Posted Sep 14, 2012 07:26 AM

    Yeah, just looking into it now. Found this interesting article, not looking hopeful. Thanks for your help.

     

    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/9b263656-b159-4a14-bbfa-c55f1b132bdd



  • 19.  RE: Problems Blacklisting a Device
    Best Answer

    Posted Sep 14, 2012 07:44 AM

    I have followed this advice on the above link and it seems to work, not sure if it will have any other effects on users but will keep monitoring.

     

    "I noted that the internal errors do not occur when I change the number of PEAP MSCHAPv2 retries to 0 on the NPS server"

     

    Thanks again for your help.



  • 20.  RE: Problems Blacklisting a Device

    EMPLOYEE
    Posted Sep 14, 2012 07:45 AM

    Always happy when things work out.

     

    Glad to hear it!
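
The check this thread converged on (reply 10's reference log and reply 17's point that the controller only blacklists when it logs an authentication failure), written as an added example that is not part of the original thread or any Aruba tooling. It matches message IDs 522042 and 501103 as they appear in the posted log; the function name, verdict strings and `max_failures` parameter are assumptions, and only the first three sample lines come from reply 10, the rest being constructed.

```python
import re
from collections import defaultdict

# Message IDs exactly as they appear in the log posted in this thread.
AUTH_FAILED = "522042"    # authmgr: "User Authentication Failed: ..."
BLACKLIST_ADD = "501103"  # stm: "Blacklist add: <mac>: Reason: <reason>"

LINE_RE = re.compile(r"^\s*\w{3}\s+\d+\s+[\d:]+\s+:(?P<id>\d+):\s+<\w+>\s+"
                     r"\|[^|]+\|\s+(?P<msg>.*)$")
# \b keeps "MAC:44:2a:..." from matching as "AC:44:2a:...".
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)
REASON_RE = re.compile(r"Reason:\s*(\S+)")

def summarize(log_text, max_failures=1):
    """Per station MAC: count logged 802.1X failures and classify the outcome.

    max_failures mirrors the max-authentication-failures setting from the
    checklist in the thread (hypothetical parameter name).
    """
    stations = defaultdict(lambda: {"failures": 0, "reasons": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        mac = MAC_RE.search(m["msg"]) if m else None
        if not mac:
            continue  # not a controller log line, or no station MAC in it
        # In the posted log the first MAC in a message is the station's.
        st = stations[mac.group(0).lower()]
        if m["id"] == AUTH_FAILED:
            st["failures"] += 1
        elif m["id"] == BLACKLIST_ADD:
            reason = REASON_RE.search(m["msg"])
            st["reasons"].append(reason.group(1) if reason else "unknown")
    for st in stations.values():
        if "auth-failure" in st["reasons"]:
            st["verdict"] = "blacklisted"
        elif st["failures"] >= max_failures:
            # Failures were logged but no blacklist: check VAP and 802.1x profile.
            st["verdict"] = "failures-logged-not-blacklisted"
        elif st["failures"] == 0:
            # The controller never logged a failure: look at the RADIUS server.
            st["verdict"] = "no-failure-seen"
        else:
            st["verdict"] = "below-threshold"
    return dict(stations)

# First three lines are from reply 10; the 02:00:00:... lines are constructed.
SAMPLE = """\
Sep 14 04:12:23 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=tyutty MAC=44:2a:60:c3:b8:fe IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:12:23 :501103:  <WARN> |stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: auth-failure
Sep 14 04:12:23 :501080:  <NOTI> |stm|  Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:20:01 :501109:  <NOTI> |stm|  Auth request: 02:00:00:00:00:01: AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal auth_alg 0
Sep 14 04:20:09 :501105:  <NOTI> |stm|  Deauth from sta: 02:00:00:00:00:01: AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:25:00 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=example MAC=02:00:00:00:00:02 IP=0.0.0.0 auth method=802.1x auth server=eTips
"""

if __name__ == "__main__":
    for mac, st in summarize(SAMPLE).items():
        print(mac, st["failures"], st["reasons"], st["verdict"])
```

A `no-failure-seen` verdict for a station that was given wrong credentials corresponds to the situation in replies 15 to 17: the controller had nothing to count, so the next place to look is the RADIUS server's own log.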