Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clients blacklisted after 1 failed auth

  • 1.  Clients blacklisted after 1 failed auth

    Posted Jul 10, 2014 03:14 PM

    Hi:

    I'm having a few problems with our new 802.1x rollout. I'm using ClearPass with 3400 controllers.

    Users are getting blacklisted after one failed authentication. This could happen if they roam between controllers, or if an AD auth fails for some reason.

     

    Can someone comment on best practices in setting up blacklisting? Do I need to use it at all?

    I'm guessing that there's some interaction between blacklisting and users getting locked out of AD during a password change?

    What are other gotchas?

    Can I blacklist some networks and not others, or at least have different settings?

    My current setup is unusable.

    Thanks for the help,

    Tony


  • 2.  RE: Clients blacklisted after 1 failed auth

    EMPLOYEE
    Posted Jul 10, 2014 03:43 PM

    I would remove blacklisting for now.

    It is best used when the threshold is below a user's AD lockout count. 802.1x supplicants submit authentications multiple times and can easily get a device blacklisted as a result.

    I would get a stable network and then determine how blacklisting fits into it.