Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎03-31-2015

How to manually set the blacklist time

stm add-blacklist-client <macaddr> this command ,How to manually set the blacklist time?

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: How to manually set the blacklist time

Hi,

 

Here are the commands to configure blacklist time for auth failure and for IPS,

 

wlan virtual-ap "VAPEmp"
  auth-failure-blacklist-time 100
  blacklist-time 100

 

Hope you got your answer. please feel free for any query on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: How to manually set the blacklist time



If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:



ap ap-blacklist-time 0
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: How to manually set the blacklist time

and the full answer from an old post here:

When a client is connected to the controller, the blacklist time is obtained from the Virtual AP that the client is currently connected to.  If the client is NOT in the user table, the blacklist time is then derived from the "ap ap-blacklist-time 0" that you mentioned.

 

Type "show ap blacklist-clients" when you do a blacklist to see who is blacklisted and how much time is left.

 

Cli needed commands:

stm add-blacklist-client <MAC>

 

If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:

 

ap ap-blacklist-time 0

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: How to manually set the blacklist time

if you would like to understand more and read some info:
http://community.arubanetworks.com/t5/Controller-Based-WLANs/Understanding-Client-Blacklisting-behavior-in-AOS-6-3-X-and/ta-p/174834
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
New Contributor
Posts: 4
Registered: ‎03-31-2015

Re: How to manually set the blacklist time

permanent black ?this command “ap ap-blacklist-time 0”

New Contributor
Posts: 4
Registered: ‎03-31-2015

Re: How to manually set the blacklist time

log:

 

stm[618]: <501097> <WARN> |AP 3FB1-FAC@172.28.200.1 stm| Assoc request: 28:e3:47:b6:d4:1d: Dropped AP 172.28.200.1-24:de:c6:94:ae:00-3FB1-FAC for STA DoS protection

 


How to set up to prevent such an attack ?TKS~

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: How to manually set the blacklist time

That is what shows up in the log when a blacklisted client tries to associate.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎03-31-2015

Re: How to manually set the blacklist time

I felt like I was being attacked.

Search Airheads
Showing results for 
Search instead for 
Did you mean: