Wireless Access

Reply
Super Contributor II

Permanent Blacklist no longer working

Hey,

 

Controler: Dell PowerConnect W3200

Firmware: 6.3.0.1

 

I have had success permanently blacklisting device in the past (they are still in the list of blacklisted devices).

I recently wanted to add a new device to the blacklist and got stuck with a 1 hr ban only.

 

I have tried blacklisting from both the commandline on the controller and from the GUI and both result in a 1 hr ban.

 

I have also checked that 'ap-blacklist-time' value is '0'

 

Any other suggestions on what I can check to ensure the blacklist are permanent?

 

Thank you,

 

Cheers

Re: Permanent Blacklist no longer working

The behaviour change in 6.1.x I believe.

 

To change the blacklist time, you need to do the following

 

ap ap-blacklist-time <time>

 If you set to 0, when you manually blacklist a client it will be permanent I think.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Super Contributor II

Re: Permanent Blacklist no longer working

Hey,

 

I have confirmed that the 'ap-blacklist-time' value is '0' already.

 

I have a two MAC's that are showing as permanent currently.

The new one I just added today is showing as blacklisted for 1 hour.

 

 MAC_Blacklist_0001.png

Perhaps I should try changing the 'ap-blacklist-time' to some other time, then change it back to 0.

Is it possible that the controller "forgot" this configuration setting?

 

Cheers

Re: Permanent Blacklist no longer working

change it to something like 7200.  Unblacklist and blacklist again and see what the time says.

 

Try again after you change to a time of 0.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: Permanent Blacklist no longer working

When a client is connected to the controller, the blacklist time is obtained from the Virtual AP that the client is currently connected to.  If the client is NOT in the user table, the blacklist time is then derived from the "ap ap-blacklist-time 0" that you mentioned.

 

Type "show ap blacklist-clients" when you do a blacklist to see who is blacklisted and how much time is left.

 

Cli needed commands:

stm add-blacklist-client <MAC>

 

If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:

 

ap ap-blacklist-time 0

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: Permanent Blacklist no longer working

got it.  So kick them off, then quickly blacklist them.

 

:smileyhappy:


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Super Contributor II

Re: Permanent Blacklist no longer working

I changed the value to 7200 seconds. Blacklisted the device and it is still showing 60 minutes.

 

Just for fun I set the value back to 0 and blacklisted a different device, and it is showing 60 minutes as well.

 

It seems like the controller is ignoring the value completely.

Re: Permanent Blacklist no longer working

can u please printout your vap configuration - if inside your vap u got diffrent blacklisting time...and the user connected to this VAP that what manner.

 

....

Blacklist Time

Number of seconds that a client is quarantined from the network after being blacklisted. Default: 3600 seconds (1 hour)

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Super Contributor II

Re: Permanent Blacklist no longer working

Hey guys,

 

Sorry kdisc98, I hadn't seen your reply before I posted my last one.

I did a test where I disconnected the device I was trying to blacklist and then quickly ran the 'stm add-blacklist-client' command and it is now showing as permanent!

All my previous attempts were with clients that were currently connected to an AP.

 

I suspect that inside the VAP profile I definitely have a different value as I wasn't even aware that there is a value for the blacklist timeout.

 

I will have to try and figure out what that value is as I would like to make note of it in my documentation!

 

Thank you guys for your help! I feel stupid now, it is a pretty straight forward explanation!

Re: Permanent Blacklist no longer working

:) We all bunch of AirHeads once in a while :)
I love to assist as much as i can,we are all here for the same reason - to empower Aruba power!
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: