Wireless Access

One master controller, two locals -- all M3, 6.1.3.2 Blacklist duration is set to 0 for all Virtual APs/SSIDs for both Authentication Failure and Other. Found the bad guy on Local2 and blacklisted him; remaining time is blank as expected. Because you can only use the WebUI to blacklist a connected client, I went to the CLI for Master and Local1 and issued this command: stm add-blacklist-client [mac address]. On both, the remaining time is 1 hour, no matter what I do. Bad guy was able to connect to Local1 last night. Any way to fix this?

Set the "ap blacklist-time" parameter which specifies how long unassociated users get blacklisted:

 

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/Blacklist-Clients-on-3600-controller-ArubaOS-6-1-2-2/td-p/22534

 

I thought I had set that, which is why I said, "Blacklist duration is set to 0 for all Virtual APs/SSIDs for both Authentication Failure and Other." Are you saying to do that again in the CLI?

(Aruba3600) (config) #ap ap-blacklist-time

 

That parameter is GLOBAL and not under the virtual AP.  It corresponds to the blacklist time for unassociated clients.

 

Thanks! I had not read all the way through the link you sent.

When you say GLOBAL, is that "Set it on the Master and the Locals learn it," or "Set it on every controller?"

Global meaning all SSIDs broadcasting from APs connected to that controller.

You need to blackilist clients on each controller.

Ah, good point.

I hadn't thought of that -- I was refering to where I set 'ap ap-blacklist-time 0'

Is that a Master pushed configuration bit, or will I have to set it on each controller.