Wireless Access

Reply
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Blacklist by MAC address

Is there a way to block a MAC address that attempts to connect to our wireless system?? Aruba 650 controller (6.1.3.7)

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Blacklist by MAC address

[ Edited ]

In order to permanently blacklist a client (across controller reboots), you will need AOS 6.2

 

You can blacklist the client using the following command:

stm add-blacklist-client <mac address>

 

Once you are on AOS 6.2+, you can run the following command to change the blacklist timer to permanent:

(config) #ap ap-blacklist-time 0

 

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Blacklist by MAC address

I updated to 6.2 and ran the 1st command and notice it counting down from an hour under Monitoring>Blacklist Clients.. then ran the second command and saved the config and still see the timer counting down

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Blacklist by MAC address

After running that second command, re-add the client using the first command.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 270
Registered: ‎09-24-2010

Re: Blacklist by MAC address

that did it!  thanks!

New Contributor
Posts: 4
Registered: ‎05-22-2017

Re: Blacklist by MAC address

Are there REST APIs to interact with Clearpass server that we can add/remove endpoint to/from blacklist by its IP or MAC address? 

 

 


 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Blacklist by MAC address

Which blacklist are you referring to? This thread is about the controller's blacklist.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: