Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to manually set the blacklist time

This thread has been viewed 13 times

  • 1.  How to manually set the blacklist time

    Posted Mar 31, 2015 04:39 AM

    stm add-blacklist-client <macaddr> this command ,How to manually set the blacklist time?



  • 2.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 05:23 AM

    Hi,

     

    Here are the commands to configure blacklist time for auth failure and for IPS,

     

    wlan virtual-ap "VAPEmp"
      auth-failure-blacklist-time 100
      blacklist-time 100

     

    Hope you got your answer. please feel free for any query on this.



  • 3.  RE: How to manually set the blacklist time
    Best Answer

    Posted Mar 31, 2015 05:24 AM


    If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:



    ap ap-blacklist-time 0


  • 4.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 05:25 AM

    and the full answer from an old post here:

    When a client is connected to the controller, the blacklist time is obtained from the Virtual AP that the client is currently connected to.  If the client is NOT in the user table, the blacklist time is then derived from the "ap ap-blacklist-time 0" that you mentioned.

     

    Type "show ap blacklist-clients" when you do a blacklist to see who is blacklisted and how much time is left.

     

    Cli needed commands:

    stm add-blacklist-client <MAC>

     

    If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:

     

    ap ap-blacklist-time 0



  • 5.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 05:27 AM
    if you would like to understand more and read some info:
    http://community.arubanetworks.com/t5/Controller-Based-WLANs/Understanding-Client-Blacklisting-behavior-in-AOS-6-3-X-and/ta-p/174834


  • 6.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 05:35 AM

    log:

     

    stm[618]: <501097> <WARN> |AP 3FB1-FAC@172.28.200.1 stm| Assoc request: 28:e3:47:b6:d4:1d: Dropped AP 172.28.200.1-24:de:c6:94:ae:00-3FB1-FAC for STA DoS protection

     


    How to set up to prevent such an attack ?TKS~



  • 7.  RE: How to manually set the blacklist time

    EMPLOYEE
    Posted Mar 31, 2015 08:21 AM

    That is what shows up in the log when a blacklisted client tries to associate.



  • 8.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 11:42 AM

    I felt like I was being attacked.



  • 9.  RE: How to manually set the blacklist time

    Posted Feb 20, 2019 12:45 PM
    I am using ARUBA 7010 , version is 8.2.2.3 although ı did the blacklist time 0, I could not do it limitless blacklist. Can it be related with version?


  • 10.  RE: How to manually set the blacklist time

    Posted Mar 31, 2015 05:28 AM

    permanent black ?this command “ap ap-blacklist-time 0”