Wireless Access

Reply
Frequent Contributor I
Posts: 70
Registered: ‎01-03-2013

Bulk Clients Blacklist

Hi,

 

Can anyone please let me know if there is a comand (or via web UI) to blacklist and then un-blacklist clients in bulk? We have around 250 clients comming for a conference who need restricted access. Also, is it possible to set blacklist time for 12 hours?

 

Need quick response please.

 

 

Thanks.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Bulk Clients Blacklist

The command to blacklist a client is below.  You need to do them one at a time.

 

(192.168.1.3) #stm add-blacklist-client ?
<client-mac>            client to add to DoS list

 The question is, why are you blacklisting clients in bulk?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 70
Registered: ‎01-03-2013

Re: Bulk Clients Blacklist

Thanks for the quick response.

 

Actually, the scenario is that in an upcomming conference, the manager do not want the attendees to use the internet during the session (for 10-12 hours) but the same attendees should be able to use internet services in their hotel rooms when they move in after attending the session. Remember, we have one-click captive portal based (open) SSID broadcasting all over in the hotel and all the users use this same very SSID to connect. 

 

 

Is there a way to achive the requirements if MAC based authentication is not appropriate?

 

Thanks.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Bulk Clients Blacklist

If you are assuming that users should not use the internet in a specific location, make an ap-group of all the access points in that location, and remove the Virtual AP with the one-click service.  After the 12 hours, add the virtual AP back.

 

Unless you somehow can identify by mac address all of the users that you want to block, trying to manage a list of mac addresses might not be helpful.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,467
Registered: ‎09-08-2010

Re: Bulk Clients Blacklist

[ Edited ]

<edit>


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Bulk Clients Blacklist

[ Edited ]

.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 70
Registered: ‎01-03-2013

Re: Bulk Clients Blacklist

cjoseph i had the same idea but the catch is that the manager and his few other cordinators would like to have internet access at the same place. Plus, we are also getting signals at that place from external Aruba APs placed at other nearest locations :( 

 

Any other suggestions please?

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Bulk Clients Blacklist

aruba.markus,

 

There is no other way to really do it.  Does the manager have a Virtual AP specifically for hotel operations, or is he using the same wifi that everyone else uses?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 70
Registered: ‎01-03-2013

Re: Bulk Clients Blacklist

[ Edited ]

The manager and his coordinators would be using the same SSID that everyone else does.

 

O.K. if we have to manually add the MACs for blacklisting, is there a limitations in the controller for number of MACs we can add for blacklisting? 

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Bulk Clients Blacklist

I don't think there is a limit, but how are you going to get everyone's mac addresses to blacklist them?  It is not practical.

 

If the hotel staff need internet, there should be a hidden SSID for hotel staff that they can use anywhere that nobody but hotel staff has the key for.  You would then remove the Virtual AP that is from the guest in the areas of the conference.  

 

I am not sure that there is a better way to do this.  Blocking by mac address when you manage all of the devices that you need to block is difficult enough.  It would be impossible with devices that you do not manage..

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: