What are the different client blacklisting features available on Instant AP and how to configure them?

Aruba Employee
Aruba Employee

Introduction :


Unlike Wired networks, wireless access spans across physical boundaries and thereby client blacklisting becomes significant feature to keep the unauthorized users from associating to the network. The following types of client blacklisting are available in Instant:
  • Manual Blacklisting
  • Authentication Failure Blacklisting
  • Session Firewall Based Blacklisting

Feature Notes :


Authentication failure blacklisting takes place only when blacklisting is enabled in authentication settings of an SSID


Environment : This article applies to Aruba Instant Access Points.


Network Topology : Wireless clients association to Aruba Instant Access Points.


Configuration Steps :


Following is the configuration steps for different client blacklisting features of Instant AP:



Manual Blacklisting:

  1. Login to Web interface of Instant cluster
  2. Click on "Security" from the main-menu
  3. On the "Backlisting" tab, add the MAC address of the client to be blacklisted. These clients are permanently blacklisted.

User-added image


Authentication Failure Blacklisting:

This method is applicable only where authentication request is generated to internal server or external auth server.
  1. Login to Web interface of Instant cluster.
  2. Select the SSID from the list and click on "Edit"
  3. Move to "Security" and enable the "Blacklisting" under authentication settings.
Mention the no. of authentication failures. (Range:  0 - 10)

User-added image

The duration that this user is blacklisted can be configured. As below:User-added image

Session Firewall Based Blacklisting:

This method is used to blacklist a authorized user when an unexpected traffic is seen.As the user session hits the ACL, the user is blacklistedand is de-authenticated.

  1. Login to Web interface of Instant cluster.
  2. Click on "Security" from the main-menu
  3. On the "Roles" tab, edit the existing ACl create a new one.User-added image

Verification : Blacklisted clients can be verified on IAP Web interface as well as in command line:


On Web Interface:User-added image

On Command Line:User-added image

NOTE: The reason column indicates the method that the is client is blacklisted.


Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 07:53 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: