Frequent Contributor II

Clients blacklisted after 1 failed auth


I'm having a few problems with our new 802.1x rollout. I'm using ClearPass with 3400 controllers.


Users are getting blacklisted after one failed authentication. This could happen if they roam between controllers, or if an AD auth fails for some reason.


Can someone comment on best practices in setting up blacklisting? Do I need to use it at all?

I'm guessing that there's some interaction between blacklisting and users getting locked out of AD during a password change?

What are other gotchas?

Can I blacklist some networks and not others, or at least have different settings?


My current setup is unusable.


Thanks for the help,




Guru Elite

Re: Clients blacklisted after 1 failed auth

I would remove blacklisting for now.


It is best used when the threshold is below a user's AD lockout count.  802.1x supplicants submit authentications multiple times and can easily get a device blacklisted as a result.


I would get a stable network and then determine how blacklisting fits into it.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*