Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Unable to add client to blacklist

Jump to Best Answer
This thread has been viewed 35 times
  • 1.  Unable to add client to blacklist

    Posted 30 days ago
    Hello,
    I've recently inherited a network using Mobility Master to manage APs, and recently we became aware of a MAC address that needs to be blacklisted. Unfortunately, when I try to go to Managed Network > Dashboard > Security and try to click Blacklist (as mentioned in the documentation), I find that the feature is not clickable. If I click Detected Clients instead, then click over to Blacklisted Clients, I can see where the blacklist would be, but there are no clients in the list. If I click the "Add to blacklist" plus sign on this page, it allows me to enter the MAC I want to blacklist, but clicking "Add" does not add the client to the blacklist. I have also tried using the CLI, but "stm add-blacklist-client <MAC address>" is not recognized as a valid command (though perhaps I'm trying it in the wrong context?) I'd appreciate it if anyone can offer any insight into this issue.

    ------------------------------
    Matthew Derosier
    ------------------------------


  • 2.  RE: Unable to add client to blacklist

    Posted 30 days ago
    Just to clarify, you are using a mobility master that is managing a controller/controllers? Does your method look like the following screenshots?





    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Unable to add client to blacklist

    Posted 30 days ago
    You could also click on the shield Icon.

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 4.  RE: Unable to add client to blacklist

    Posted 30 days ago
    Correct, except the blacklist icon and title are greyed out.
    Blacklist icon and text greyed out

    ------------------------------
    Matthew Derosier
    ------------------------------



  • 5.  RE: Unable to add client to blacklist

    Posted 30 days ago
    Have you tried to add a device to the blacklist in the CLI, and then tried getting to that section in the GUI?

    Log into controller and add the station with the "stm add-blacklist-client <MAC>" command.

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 6.  RE: Unable to add client to blacklist

    Posted 30 days ago
    Looks like that was the bit that I was missing - I was trying to add it to the master, not the controllers. Once I added it to the controller, it showed up correctly. Now, I'm noticing that it's a 1-hour blacklist - how would I make it a permanent entry?

    ------------------------------
    Matthew Derosier
    ------------------------------



  • 7.  RE: Unable to add client to blacklist
    Best Answer

    Posted 29 days ago
    Per SSID (3600 seconds default or 1 hour)

    wlan virtual-ap <profile>
    blacklist-time <seconds>


    Global Setting (3600 seconds default or 1 hour)

    Configure at a level below Managed Device

    ap ap-blacklist-time <time in seconds>

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 8.  RE: Unable to add client to blacklist

    Posted 25 days ago
    Sorry for the late reply, I've been out sick for a few days.

    I've set the blacklist-time parameter for each SSID at 0 seconds, as well as the mobility master's top-level ap ap-blacklist-time, but it's still defaulting blacklist entries to 3600 seconds - did I miss a step, or is there a way to enter the cluster's context from the mobility master that I'm unaware of?

    ------------------------------
    Matthew Derosier
    ------------------------------



  • 9.  RE: Unable to add client to blacklist

    Posted 25 days ago
    You would want to configure it add it to your highest level to make it global. For example if you have MD and then a subfolder, and then folders below that, configure it at the next folder down from MD. If you have MD and then individual folders below that, then configure it at the MD level (Best practice is to always leave MD values at default, and start configuration changes below)

    cd /md/<top-folder>
    config t
    ap ap-blacklist-time 0
    wr mem
    end

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 10.  RE: Unable to add client to blacklist

    Posted 25 days ago
    Thank you! That was it exactly - I didn't know that the cluster context was entered like it was a folder, I'd figured there was some other command for it I was missing!

    ------------------------------
    Matthew Derosier
    ------------------------------



  • 11.  RE: Unable to add client to blacklist

    Posted 30 days ago
    If you are looking to do it via CLI, you will modify the blacklist on the controller. Log into the controller or connect to it via MD Connect through the MM. If the controllers are clustered, it will replicate to the other members.

    ------------------------------
    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos
    ------------------------------