Reply
Occasional Contributor II
pburchell
Posts: 23
Registered: ‎12-14-2009
Accepted Solution

Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

Hi can anyone advise me on how to change the default blacklist timeout period?

MVP
jsolb
Posts: 272
Registered: ‎05-11-2011

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

See page 580-583 in the userguide:

 

Blacklist Duration
You can configure the duration that clients are blacklisted on a per-SSID basis via the virtual AP profile.
There are two different blacklist duration settings:
 For clients that are blacklisted due to authentication failure. By default, this is set to 0 (the client is
blacklisted indefinitely).
 For clients that are blacklisted due to other reasons, including manual blacklisting. By default, this is set
to 3600 seconds (one hour). You can set this to 0 to blacklist clients indefinitely.
To configure the blacklist duration via the WebUI: 1. Navigate to the Configuration > Wireless > AP Configuration page. 2. Select either AP Group or AP Specific tab. Click Edit for the AP group or AP name. 3. In the Profiles list, select Wireless LAN, then Virtual AP. Select the virtual AP instance.  To set a blacklist duration for authentication failure, enter a value for Authentication Failure Blacklist Time.  To set a blacklist duration for other reasons, enter a value for Blacklist Time. 4. Click Apply.
To configure the blacklist duration via the command-line interface, access the CLI in config mode and issue the following commands: wlan virtual-ap <profile> auth-failure-blacklist-time <seconds> blacklist-time <seconds>

 .. John

Regards
John

-ACMX #316 :: ACCP-
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II
pburchell
Posts: 23
Registered: ‎12-14-2009

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

top man John

MVP
Michael_Clarke
Posts: 577
Registered: ‎08-29-2007

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

Hi John,

 

I have a client continually failing authentication and am being flooded with messages from Airwave.  It seems to be someone who tried to connect with their phone, failed, and now that phone is constantly trying to connect.

 

I set the blacklist-time on the vap to 0, but when I manually blacklist the client and then do a 'show ap blacklist-client', it is not showing as indefinate.

 

Version 6.1.3.4


If my post is helpful please give kudos, or mark as solved if it answers your post.

Aruba ACMP, ACMX #294
Frequent Contributor I
bigtone
Posts: 67
Registered: ‎01-06-2011

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

Same here, it keeps saying 3600 even though I have set both to 0 as mentioned in the user guide posted above.

Frequent Contributor I
bigtone
Posts: 67
Registered: ‎01-06-2011

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

the command is not in the 6.1 documentation, I had to call aruba suppport to get the undocumented command: config t, ap ap-blacklist-time 0

Occasional Contributor II
pburchell
Posts: 23
Registered: ‎12-14-2009

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

I'm actually on 6.1.3 but when I block some devices on the same SSID it appears to work for some but not others.   See below some are counting down for the 1 hour default, but others have been blocked for hours. any ideas?

 

Capture.JPG

Moderator
cjoseph
Posts: 10,911
Registered: ‎03-29-2007

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

If a client is associated, it will get the blacklist timer from the Virtual AP that it is currently connected to.  If it is not connected, it will get the blacklist timer from the "ap-blacklist-time" parameter.

 

Occasional Contributor II
pburchell
Posts: 23
Registered: ‎12-14-2009

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

ok, but I have set both parameters to 0, shouldn't that permantly exclude?

Moderator
cjoseph
Posts: 10,911
Registered: ‎03-29-2007

Re: Blacklist Clients on 3600 controller (ArubaOS 6.1.2.2)

What version of 6.1.3 are you on?  That is when the last parameter appeared.

 

How are you blacklisting that client?