Wireless Access

Reply
Highlighted
Frequent Contributor II

Blacklist by MAC address

Is there a way to block a MAC address that attempts to connect to our wireless system?? Aruba 650 controller (6.1.3.7)

Guru Elite

Re: Blacklist by MAC address

In order to permanently blacklist a client (across controller reboots), you will need AOS 6.2

 

You can blacklist the client using the following command:

stm add-blacklist-client <mac address>

 

Once you are on AOS 6.2+, you can run the following command to change the blacklist timer to permanent:

(config) #ap ap-blacklist-time 0

 

 


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Blacklist by MAC address

I updated to 6.2 and ran the 1st command and notice it counting down from an hour under Monitoring>Blacklist Clients.. then ran the second command and saved the config and still see the timer counting down

Guru Elite

Re: Blacklist by MAC address

After running that second command, re-add the client using the first command.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor II

Re: Blacklist by MAC address

that did it!  thanks!

New Contributor

Re: Blacklist by MAC address

Are there REST APIs to interact with Clearpass server that we can add/remove endpoint to/from blacklist by its IP or MAC address? 

 

 


 

Guru Elite

Re: Blacklist by MAC address

Which blacklist are you referring to? This thread is about the controller's blacklist.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Blacklist by MAC address

I'm interested in a way to blacklist a client on the controller (mimicing the CLI command) via API. The API requires IP address which won't work for us - I'd like to just specify MAC address.

Guru Elite

Re: Blacklist by MAC address

Unfortunately the XML-API on the controller requires an ip address to also blacklist a client.  It is a mandatory requirement:  http://www.arubanetworks.com/techdocs/ArubaOS_81_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/XML_API/XML_Request.htm%3FTocPath%3DArubaOS%2520User%2520Guide%7CExternal%2520User%2520Management%7C_____3


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: