How to Blacklist a client Manually in IAP

By Arunkumar posted Jun 26, 2014 04:17 PM


There might a need for network admin to block access to certain devices manually apart from the dynamic blacklist feature. The MAC address of the clients needs to known to get this accomplished.


Blacklist will avoid clients connecting to wireless.

If we know the MAC addresses of the clients, we can add those to the Blacklist table and they would not be able connect any longer to Aruba Wireless.
Please note, that in order for a user to be blacklisted, the "blacklisting" parameter must be enabled in the security setting of the SSID that the user is trying to connect to.
What this means is that if you have an "Employee" network and a "Guest" network and you have blacklisted a user, he will be denied access to the Employee network if you have blacklisting enabled in the Employee SSID, but that client will still be able to connect to the Guest network if you don't have blacklisting enabled in that SSID, so you need blacklisting enabled in both.

If you have user debugging configured, a client that has been blacklisted but is being rejected by the system will show up in the user logs.

Attached are the screenshots on how to accomplish this.
To add MAC address to the Blacklist table
Navigate to Security à  Blacklisting à Manual Blacklist à MAC address to Add
To enable Blacklist in the SSID 
SSID à Edit à Security à Blacklisting à Enabled


IAP Blacklist Screenshot.JPG

IAP Blacklist Screenshot 1.JPG
1 comment
1 view


May 16, 2017 04:10 AM


After I blacklist a client MAC address, I had always an "alarm" on my IAP that advise that a MAC address has been blacklisted manually. is it possible to disable it ?