Network Management


Push single via Airwave

  • 1.  Push single via Airwave

    Posted Oct 16, 2014 09:46 AM

    I want to enable blacklisting with failed auths on about 20 Aruba controllers.  Can I apply a single command via Airwave?  We currently don't provision APs or apply configurations via Airwave now.  Running latest code on everything.



  • 2.  RE: Push single via Airwave

    EMPLOYEE
    Posted Oct 16, 2014 10:19 AM

    You *can* do this with Airwave but you have to make sure that all controllers in the Group share a similar config because once you move to manage mode in the Group, it will use one of the controller's configs as a config template to then sync to all other controllers in the same group.  You can use overrides for the 20 controllers you wish to add the blacklist to.

     

    Another thought...do you have ClearPass?  If not you really should consider it :-).  In there, we can write both the blacklisted clients and a policy to say if an auth comes in from X device group (20 controllers) AND the client MAC/user ID/device is part of the blacklist, then deny access or even redirect to a captive portal explaining what happened.  See below example.  We can write this blacklist based on a simple list or using more flexible regular expressions.  We can also write the blacklist on other context variables like device types and usernames/AD groups.

     

    Hope this helps!

     

    guest-unauthorized-access.jpg



  • 3.  RE: Push single via Airwave

    Posted Oct 16, 2014 10:38 AM

    Yes, I have "accidentally" pushed a config to another controller and they were not exact.  So I am scared to change to modify mode via Airwave.

     

    We do have and use ClearPass. I have the blacklisting enabled and working on 1 of our controllers, just want to enable the exact thing on all our remote controllers.



  • 4.  RE: Push single via Airwave

    EMPLOYEE
    Posted Oct 16, 2014 10:40 AM

    Well...if you have ClearPass, then have that solution do the blacklisting and don't worry about the controller config blacklisting devices.



  • 5.  RE: Push single via Airwave

    Posted Oct 16, 2014 11:00 AM

    Is there any documentation on creating a blacklist policy via ClearPass?  Basically how we have it set up now: a wireless client connecting to our employee SSID has 4 attempts to connect to the network. With 4 failed attempts, the client will be blacklisted for 60 mins and then try again.  We do this to avoid clients being locked out (via AD). 5 failed password attempts will lock the client out and can only be unlocked by the helpdesk. To elevate calls, the account will never be locked via the wireless.



  • 6.  RE: Push single via Airwave

    EMPLOYEE
    Posted Oct 16, 2014 04:58 PM

    Try this...

     

     

    Attachment(s)



  • 7.  RE: Push single via Airwave

    EMPLOYEE
    Posted Oct 16, 2014 04:59 PM

    You can then blacklist on the controller FROM ClearPass using this logic...

     

    http://community.arubanetworks.com/t5/ClearPass-Recipes/Blacklist-a-user-on-an-Aruba-Controller/ta-p/204337



  • 8.  RE: Push single via Airwave

    Posted Oct 16, 2014 05:09 PM

    Thanks. I will test that.  Will I be able to see the clients who are actually being blacklisted?  I am able to monitor it currently on each controller.