Can you add blacklist exceptions?

I want to exclude a MAC address from triggering blacklisting for IDS reasons (such as ping-flood). Is there a way to do this?

For example, I have a network testing tool that does discovery via ping, ARP, etc., and it is being blacklisted by IDS. I don't want to change my IDS settings (I want my normal users being checked). I just want to allow the MAC of my testing tool.

Re: Can you add blacklist exceptions?

I've run into a similar issue and had to disable blacklisting on our WLAN to stop blocking a valid device. The one thing you can do for a testing tool is stand up a testing SSID that is disabled except when in use (can even make it hidden) and disable blacklisting on there - that way the only device connecting is the tester. For us it was a production asset on a production network; unfortunately, I didn't have the option.



Michael Haring

Re: Can you add blacklist exceptions?

From what I could research, there is no way to add an exception to the blacklisting. This is a shame, and I'll submit it as a feature request (if it isn't already).

I'm not going to disable the IDS module on my production WLAN (of 6000+ devices) just to allow one through - that seems ridiculous. I'll keep playing with my tool to see if I can tune down the ARP and PING frequency, or might have to tune the threshold up a little in the IDS settings. Would still be nice to be able to add a blacklist exception, doesn't seem like it would be that hard to code into AOS.


Thanks for your insight and reply though.
