Security

Occasional Contributor II
Posts: 17
Registered: ‎12-09-2011

Problems Blacklisting a Device


Sorry to dig up an old post but I'm having some trouble blacklisting.

 

I have followed the above instructions to try and blacklist a device that's locking out a user's computer (we think it's an iOS device), and I can see two things that have been blacklisted instantly, but I'm trying to test by using an iPad and putting in the wrong credentials (3 times, blacklist failed auth set to 2 times) and it still seems to lock out my AD account and not blacklist me. Is there anything else I can check that's not listed in the previous post?

 

Thanks.

Guru Elite
Posts: 20,014
Registered: ‎03-29-2007

Re: Problems Blacklisting a Device

Are you trying to use authentication blacklisting or manual blacklisting?

 

Meaning, are you trying to set it to blacklist based on failed authentications, or are you trying to manually stop that device from connecting?

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 17
Registered: ‎12-09-2011

Re: Problems Blacklisting a Device

Hi,

I'm trying to blacklist based on failed 802.1x authentications, the idea being it blacklists the device before the user's account gets locked out.

Thanks

Guru Elite
Posts: 20,014
Registered: ‎03-29-2007

Re: Problems Blacklisting a Device

Okay.  Here is the checklist for Authentication Blacklisting:

 

In the Virtual AP, Blacklisting needs to be enabled.

In the Virtual AP, Authentication Blacklisting time says how long a client that fails authentication blacklisting will be kept off the network (3600 seconds is default).  If you make that Zero, it will be permanent.

Max Authentication failure number should be set in the 802.1x profile attached to the AAA profile that represents how many authentications you want a device to fail before being blacklisted (zero is the default, which means no authentication blacklisting).

 

Last but not least, what version of ArubaOS are you using?

 

Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 17
Registered: ‎12-09-2011

Re: Problems Blacklisting a Device


 

Thanks for the response, I think I have those set (see attached screenshots) and we are on ArubaOS 6.1.3.1 code.

 

 

 

 

 

 

Guru Elite
Posts: 20,014
Registered: ‎03-29-2007

Re: Problems Blacklisting a Device

Try setting the blacklist to 1. 

 

Turn on user debugging:

 

config t

logging level debugging user

 

<try to blacklist>

 

Type "show log user 50" to see what is going on.

 

 

Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 17
Registered: ‎12-09-2011

Re: Problems Blacklisting a Device

Sorry to be a pain, could you elaborate on turning on user debugging? It's not something I have ever done before and I'm not sure if I'm following it correctly.

 

Thanks

Guru Elite
Posts: 20,014
Registered: ‎03-29-2007

Re: Problems Blacklisting a Device

In the user table (Monitoring > Controller > Clients), find the device that is having the problem and click on the Debug button.

 

Next, go to Monitoring > Debug Clients, and then proceed to fail the authentications.

 

Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 17
Registered: ‎12-09-2011

Re: Problems Blacklisting a Device

Ah OK, thank you. I connected the device to wireless, started debugging, then disconnected and tried to reconnect with an incorrect password. Attached are the logs; they don't mean much to me, I'm afraid.

 

Thanks

Guru Elite
Posts: 20,014
Registered: ‎03-29-2007

Re: Problems Blacklisting a Device

Okay.  Here is my log below:

 

Please click on "show references" in your 802.1x profile to ensure that is the correct one referenced.

 

Below is a blacklist done with authentication failure 1 with an ipad:

 

Sep 14 04:12:23 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=tyutty MAC=44:2a:60:c3:b8:fe IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  skipping mac : 44:2a:60:c3:b8:fe, from AP : 0.0.0.0, with authtype : 802.1x
Sep 14 04:12:23 :522030:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe Station deauthenticated: BSSID=00:1a:1e:82:41:33, ESSID=ACME-TLS
Sep 14 04:12:23 :522049:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Sep 14 04:12:23 :522050:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Sep 14 04:12:23 :527000:  <DBUG> |mdns|  mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:44:2a:60:c3:b8:fe, NAME:tyutty, ROLE_NAME:logon
Sep 14 04:12:23 :501103:  <WARN> |stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: auth-failure
Sep 14 04:12:23 :501065:  <DBUG> |stm|  Sending STA 44:2a:60:c3:b8:fe message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:c
Sep 14 04:12:23 :522036:  <INFO> |authmgr|  MAC=44:2a:60:c3:b8:fe Station DN: BSSID=00:1a:1e:82:41:33 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  MAC=44:2a:60:c3:b8:fe ingress 0x108c (tunnel 12), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  MAC=44:2a:60:c3:b8:fe Send Station delete message to mobility
Sep 14 04:12:23 :500511:  <DBUG> |mobileip|  Station 44:2a:60:c3:b8:fe, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:33, phy a, VLAN 1000
Sep 14 04:12:23 :500010:  <NOTI> |mobileip|  Station 44:2a:60:c3:b8:fe, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:33/a
Sep 14 04:12:23 :522004:  <DBUG> |authmgr|  44:2a:60:c3:b8:fe: station datapath entry deleted
Sep 14 04:12:23 :501080:  <NOTI> |stm|  Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:12:23 :501000:  <DBUG> |stm|  Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:23 :501105:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:33-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:12:23 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:24 :501095:  <NOTI> |stm|  Assoc request @ 04:12:24.264729: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501097:  <WARN> |stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:24 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:24 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:28.942129: 44:2a:60:c3:b8:fe (SN 1251): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501100:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc success @ 04:12:28.943210: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:24 :501105:  <NOTI> |stm|  Deauth from sta: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:12:24 :501000:  <DBUG> |stm|  Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:24 :501103:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: user-defined
Sep 14 04:12:24 :501080:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth to sta: 44:2a:60:c3:b8:fe: Ageout AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:12:24 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 44:2a:60:c3:b8:fe: Clearing state
Sep 14 04:12:25 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:25 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:29.982688: 44:2a:60:c3:b8:fe (SN 1258): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:25 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:25 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:30.378050: 44:2a:60:c3:b8:fe (SN 1260): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:25 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:26 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal auth_alg 0
Sep 14 04:12:26 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 44:2a:60:c3:b8:fe: AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:26 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:12:30.772492: 44:2a:60:c3:b8:fe (SN 1262): AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal
Sep 14 04:12:26 :501097:  <WARN> |AP AP125-

 

And now, with an Android:

 

 

Sep 14 04:04:05 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=fldoff MAC=10:bf:48:e8:1e:17 IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  skipping mac : 10:bf:48:e8:1e:17, from AP : 0.0.0.0, with authtype : 802.1x
Sep 14 04:04:05 :522030:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17 Station deauthenticated: BSSID=00:1a:1e:82:41:21, ESSID=ACME-TLS
Sep 14 04:04:05 :522049:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Sep 14 04:04:05 :522050:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Sep 14 04:04:05 :527000:  <DBUG> |mdns|  mdns_parse_auth_userrole_message 265 Auth User ROLE: MAC:10:bf:48:e8:1e:17, NAME:fldoff, ROLE_NAME:logon
Sep 14 04:04:05 :501103:  <WARN> |stm|  Blacklist add: 10:bf:48:e8:1e:17: Reason: auth-failure
Sep 14 04:04:05 :501065:  <DBUG> |stm|  Sending STA 10:bf:48:e8:1e:17 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x3e8, wmm:1, rsn_cap:0
Sep 14 04:04:05 :500511:  <DBUG> |mobileip|  Station 10:bf:48:e8:1e:17, 0.0.0.0: Received disassociation on ESSID: ACME-TLS Mobility service Off, HA Discovery on Association Off, Fastroaming Disabled, AP: Name AP125-Mesh-Portal Group default BSSID 00:1a:1e:82:41:21, phy g, VLAN 1000
Sep 14 04:04:05 :522036:  <INFO> |authmgr|  MAC=10:bf:48:e8:1e:17 Station DN: BSSID=00:1a:1e:82:41:21 ESSID=ACME-TLS VLAN=1000 AP-name=AP125-Mesh-Portal
Sep 14 04:04:05 :500010:  <NOTI> |mobileip|  Station 10:bf:48:e8:1e:17, 255.255.255.255: Mobility trail, on switch 192.168.1.3, VLAN 1000, AP AP125-Mesh-Portal, ACME-TLS/00:1a:1e:82:41:21/g
Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  MAC=10:bf:48:e8:1e:17 ingress 0x108d (tunnel 13), u_encr 64, m_encr 64, slotport 0x1043 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  MAC=10:bf:48:e8:1e:17 Send Station delete message to mobility
Sep 14 04:04:05 :522004:  <DBUG> |authmgr|  10:bf:48:e8:1e:17: station datapath entry deleted
Sep 14 04:04:05 :501080:  <NOTI> |stm|  Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:04:05 :501000:  <DBUG> |stm|  Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:05 :501105:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:04:05 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:06 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:06 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501095:  <NOTI> |stm|  Assoc request @ 04:04:06.678868: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501097:  <WARN> |stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:06 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:12.423278: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501100:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc success @ 04:04:12.424440: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:06 :501105:  <NOTI> |stm|  Deauth from sta: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Reason STA has left and is deauthenticated
Sep 14 04:04:06 :501000:  <DBUG> |stm|  Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:06 :501103:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Blacklist add: 10:bf:48:e8:1e:17: Reason: user-defined
Sep 14 04:04:06 :501080:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Deauth to sta: 10:bf:48:e8:1e:17: Ageout AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal Denied; STA Blacklisted
Sep 14 04:04:06 :501000:  <DBUG> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Station 10:bf:48:e8:1e:17: Clearing state
Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:13.863754: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:14.249761: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:08 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:08 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:14.638410: 10:bf:48:e8:1e:17 (SN 8): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:08 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:11 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:11 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:17.102131: 10:bf:48:e8:1e:17 (SN 4): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:04:11 :501109:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth request: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal auth_alg 0
Sep 14 04:04:11 :501093:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Auth success: 10:bf:48:e8:1e:17: AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501095:  <NOTI> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request @ 04:04:17.487217: 10:bf:48:e8:1e:17 (SN 6): AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal
Sep 14 04:04:11 :501097:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Assoc request: 10:bf:48:e8:1e:17: Dropped AP 192.168.1.251-00:1a:1e:82:41:21-AP125-Mesh-Portal for STA DoS protection

 

Colin Joseph
Aruba Customer Engineering
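
An added example, not part of the original posts and not Aruba code: a small parser for "show log user" output in the format shown above that counts 802.1x failures, blacklist additions and dropped association requests per MAC, and lists devices that fail authentication without ever being blacklisted for auth-failure. The first four sample lines are copied from the iPad log above; the 02:00:00:00:00:01 lines are constructed, and the meaning attached to each message ID is read off the log text in this thread.

```python
import re
from collections import defaultdict

# Line shape seen in this thread: "<date> :<msg-id>:  <LEVEL> |<process>|  <text>"
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) :(\d+):\s+<(\w+)> \|([^|]+)\|\s+(.*)$")
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

AUTH_FAILED = "522042"    # authmgr: User Authentication Failed
BLACKLIST_ADD = "501103"  # stm: Blacklist add: <mac>: Reason: <reason>
ASSOC_DROPPED = "501097"  # stm: Assoc request dropped for STA DoS protection
WANTED = {AUTH_FAILED, BLACKLIST_ADD, ASSOC_DROPPED}

# Lines 1-4 come from the iPad log in the post; the rest are constructed.
SAMPLE_LOG = """\
Sep 14 04:12:23 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=tyutty MAC=44:2a:60:c3:b8:fe IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:12:23 :501103:  <WARN> |stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: auth-failure
Sep 14 04:12:24 :501097:  <WARN> |stm|  Assoc request: 44:2a:60:c3:b8:fe: Dropped AP 192.168.1.251-00:1a:1e:82:41:35-AP125-Mesh-Portal for STA DoS protection
Sep 14 04:12:24 :501103:  <WARN> |AP AP125-Mesh-Portal@192.168.1.251 stm|  Blacklist add: 44:2a:60:c3:b8:fe: Reason: user-defined
Sep 14 04:20:01 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=constructed-user MAC=02:00:00:00:00:01 IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:20:09 :522042:  <NOTI> |authmgr|  User Authentication Failed: username=constructed-user MAC=02:00:00:00:00:01 IP=0.0.0.0 auth method=802.1x auth server=eTips
Sep 14 04:20:10 :501097:  <WARN> |AP AP125-
"""


def summarize(log_text):
    """Return {mac: {auth_failures, blacklist_reasons, assoc_dropped}}."""
    stats = defaultdict(
        lambda: {"auth_failures": 0, "blacklist_reasons": [], "assoc_dropped": 0}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) not in WANTED:
            continue  # truncated line or a message ID we do not track
        msg_id, text = m.group(2), m.group(5)
        mac = MAC_RE.search(text)  # first MAC in these messages is the client
        if not mac:
            continue
        entry = stats[mac.group(0).lower()]
        if msg_id == AUTH_FAILED:
            entry["auth_failures"] += 1
        elif msg_id == BLACKLIST_ADD:
            entry["blacklist_reasons"].append(text.rsplit("Reason:", 1)[-1].strip())
        else:
            entry["assoc_dropped"] += 1
    return dict(stats)


def failing_but_not_blacklisted(stats):
    """MACs with 802.1x failures and no 'auth-failure' blacklist entry."""
    return sorted(
        mac for mac, e in stats.items()
        if e["auth_failures"] and "auth-failure" not in e["blacklist_reasons"]
    )


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for mac, entry in result.items():
        print(mac, entry)
    print("failing, never blacklisted:", failing_but_not_blacklisted(result))
```
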
