View Only
last person joined: 17 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Blacklisting users

This thread has been viewed 32 times
  • 1.  Blacklisting users

    Posted May 08, 2019 04:45 AM

    In clearpass monitoring there is a blacklist users table where you can view blacklisted users and delete them from the blacklist ......


    Can't seem to find info in the help system as to how you actually blacklist a user/mac address.


    Searching for blacklist just gives you the Monitoring table


    Running 6.8 


  • 2.  RE: Blacklisting users
    Best Answer

    Posted May 08, 2019 04:54 AM

    The blacklist table in monitoring is only used by the built in guest. When a device is expired it will role into the blacklist table. If you want to blacklist your own device/user then you can just add a custom attribute and filter on that in your service.

  • 3.  RE: Blacklisting users

    Posted May 08, 2019 05:03 AM

    o.k. fair enough. We do "things" to blacklist people anyway,just wondered if it was a general "blacklist feature" in policy manager

  • 4.  RE: Blacklisting users

    Posted Apr 11, 2024 12:45 PM

    I built a static host list called blacklist, added the mac-addresses to the list, then built the role, profile and service. It works great for me.


  • 5.  RE: Blacklisting users

    Posted Apr 11, 2024 01:29 PM

    Static Hosts Lists are legacy ClearPass feature and are no longer recommended for use.  This method also has no protection against MAC spoofing.

  • 6.  RE: Blacklisting users

    Posted Apr 11, 2024 01:42 PM

    If static host lists are not recommended, How do you do mac auth bypass?


  • 7.  RE: Blacklisting users

    Posted Apr 11, 2024 01:48 PM


  • 8.  RE: Blacklisting users

    Posted Apr 11, 2024 03:14 PM

    Rather than SHL, use device registration so that you have an actual database of entries rather than a cumbersome list that is prone to errors.

    Carson Hulcher, ACEX#110