Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Can you add blacklist exceptions?

  • 1.  Can you add blacklist exceptions?

    Posted Feb 05, 2020 06:12 PM

    I want to exclude a MAC address from triggering blacklisting for IDS reasons (such as ping-flood). Is there a way to do this?

     

    For example, I have a network testing tool that does discovery via ping, ARP, etc., and it is being blacklisted by IDS. I don't want to change my IDS settings (I want my normal users being checked). I just want to allow the MAC of my testing tool.



  • 2.  RE: Can you add blacklist exceptions?

    Posted Feb 14, 2020 10:56 AM

    I've run into a similar issue and had to disable blacklisting on our WLAN to stop blocking a valid device. The one thing you can do for a testing tool is stand up a testing SSID that is disabled except when in use (can even make it hidden) and disable blacklisting on there - that way the only device connecting is the tester. For us it was a production asset on a production network, unfortunately I didn't have the option.



  • 3.  RE: Can you add blacklist exceptions?

    Posted Feb 14, 2020 12:36 PM

    From what I could research, there is no way to add an exception to the blacklisting. This is a shame, and I'll submit it as a feature request (if it isn't already).

     

    I'm not going to disable the IDS module on my production WLAN (of 6000+ devices) just to allow one through - that seems ridiculous. I'll keep playing with my tool to see if I can tune down the ARP and PING frequency, or might have to tune the threshold up a little in the IDS settings. Would still be nice to be able to add a blacklist exception, doesn't seem like it would be that hard to code into AOS.


    Thanks for your insight and reply though.