Wireless Access

Reply
Highlighted
All-Decade MVP 2020

Blacklist by MAC address

Is there a way to block a MAC address that attempts to connect to our wireless system?? Aruba 650 controller (6.1.3.7)


Accepted Solutions
Highlighted
Moderator

Re: Blacklist by MAC address

In order to permanently blacklist a client (across controller reboots), you will need AOS 6.2

 

You can blacklist the client using the following command:

stm add-blacklist-client <mac address>

 

Once you are on AOS 6.2+, you can run the following command to change the blacklist timer to permanent:

(config) #ap ap-blacklist-time 0

 

 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Moderator

Re: Blacklist by MAC address

After running that second command, re-add the client using the first command.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Blacklist by MAC address

In order to permanently blacklist a client (across controller reboots), you will need AOS 6.2

 

You can blacklist the client using the following command:

stm add-blacklist-client <mac address>

 

Once you are on AOS 6.2+, you can run the following command to change the blacklist timer to permanent:

(config) #ap ap-blacklist-time 0

 

 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
All-Decade MVP 2020

Re: Blacklist by MAC address

I updated to 6.2 and ran the 1st command and notice it counting down from an hour under Monitoring>Blacklist Clients.. then ran the second command and saved the config and still see the timer counting down

Highlighted
Moderator

Re: Blacklist by MAC address

After running that second command, re-add the client using the first command.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
All-Decade MVP 2020

Re: Blacklist by MAC address

that did it!  thanks!

Highlighted
New Contributor

Re: Blacklist by MAC address

Are there REST APIs to interact with Clearpass server that we can add/remove endpoint to/from blacklist by its IP or MAC address? 

 

 


 

Highlighted
Moderator

Re: Blacklist by MAC address

Which blacklist are you referring to? This thread is about the controller's blacklist.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor II

Re: Blacklist by MAC address

I'm interested in a way to blacklist a client on the controller (mimicing the CLI command) via API. The API requires IP address which won't work for us - I'd like to just specify MAC address.

Highlighted
Guru Elite

Re: Blacklist by MAC address

Unfortunately the XML-API on the controller requires an ip address to also blacklist a client.  It is a mandatory requirement:  http://www.arubanetworks.com/techdocs/ArubaOS_81_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/XML_API/XML_Request.htm%3FTocPath%3DArubaOS%2520User%2520Guide%7CExternal%2520User%2520Management%7C_____3


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: