Permanent Blacklist no longer working

  • 1.  Permanent Blacklist no longer working

    Posted Jan 15, 2014 03:05 PM

    Hey,

     

    Controller: Dell PowerConnect W3200

    Firmware: 6.3.0.1

     

    I have had success permanently blacklisting devices in the past (they are still in the list of blacklisted devices).

    I recently wanted to add a new device to the blacklist and got stuck with a 1 hr ban only.

     

    I have tried blacklisting from both the command line on the controller and from the GUI, and both result in a 1 hr ban.

     

    I have also checked that 'ap-blacklist-time' value is '0'

     

    Any other suggestions on what I can check to ensure the blacklists are permanent?

     

    Thank you,

     

    Cheers



  • 2.  RE: Permanent Blacklist no longer working

    EMPLOYEE
    Posted Jan 15, 2014 03:28 PM

    The behaviour changed in 6.1.x, I believe.

     

    To change the blacklist time, you need to do the following

     

    ap ap-blacklist-time <time>

    If you set it to 0, when you manually blacklist a client it will be permanent, I think.



  • 3.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 03:42 PM

    Hey,

     

    I have confirmed that the 'ap-blacklist-time' value is '0' already.

     

    I have two MACs that are showing as permanent currently.

    The new one I just added today is showing as blacklisted for 1 hour.

     

    [Attached screenshot: MAC_Blacklist_0001.png]

    Perhaps I should try changing the 'ap-blacklist-time' to some other time, then change it back to 0.

    Is it possible that the controller "forgot" this configuration setting?

     

    Cheers



  • 4.  RE: Permanent Blacklist no longer working

    EMPLOYEE
    Posted Jan 15, 2014 03:47 PM

    Change it to something like 7200.  Unblacklist and blacklist again and see what the time says.

     

    Try again after you change to a time of 0.



  • 5.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 03:57 PM

    I changed the value to 7200 seconds. Blacklisted the device and it is still showing 60 minutes.

     

    Just for fun I set the value back to 0 and blacklisted a different device, and it is showing 60 minutes as well.

     

    It seems like the controller is ignoring the value completely.



  • 6.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 04:00 PM

    Can you please print out your VAP configuration? If inside your VAP you have a different blacklisting time and the user is connected to this VAP, that is what matters.

     

    ....

    Blacklist Time

    Number of seconds that a client is quarantined from the network after being blacklisted. Default: 3600 seconds (1 hour)



  • 7.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 04:08 PM

    Hey guys,

     

    Sorry kdisc98, I hadn't seen your reply before I posted my last one.

    I did a test where I disconnected the device I was trying to blacklist and then quickly ran the 'stm add-blacklist-client' command and it is now showing as permanent!

    All my previous attempts were with clients that were currently connected to an AP.

     

    I suspect that inside the VAP profile I definitely have a different value as I wasn't even aware that there is a value for the blacklist timeout.

     

    I will have to try and figure out what that value is as I would like to make note of it in my documentation!

     

    Thank you guys for your help! I feel stupid now, it is a pretty straightforward explanation!



  • 8.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 04:11 PM
    :) We are all a bunch of AirHeads once in a while :)
    I love to assist as much as I can, we are all here for the same reason - to empower Aruba power!


  • 9.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 04:29 PM

    Well said indeed! :smileyhappy:

     

    And you were 100% correct about the VAP profile. I just checked it now and the blacklist values are:

    Authentication Failure Blacklist Time           3600 sec
    Blacklist Time                                   3600 sec

    Thanks again I really appreciate your help and explanation!

     

    Cheers



  • 10.  RE: Permanent Blacklist no longer working

    Posted Jan 15, 2014 04:33 PM
    It was my pleasure.


  • 11.  RE: Permanent Blacklist no longer working

    Posted May 12, 2014 05:28 PM

    Thanks guys!!



  • 12.  RE: Permanent Blacklist no longer working

    Posted Oct 13, 2017 08:17 AM

    I am waiting on my console cable to be purchased.  I am in the GUI interface and it looks like "0" is not allowed as the time to be blacklisted.  Is there a way to set the time to permanent in the GUI interface?



  • 13.  RE: Permanent Blacklist no longer working

    Posted Oct 19, 2017 03:54 PM

    Are you using a controller? If you are, you don't need a console cable, you should just be able to remote into the device via SSH/telnet.



  • 14.  RE: Permanent Blacklist no longer working
    Best Answer

    Posted Jan 15, 2014 03:53 PM

    When a client is connected to the controller, the blacklist time is obtained from the Virtual AP that the client is currently connected to.  If the client is NOT in the user table, the blacklist time is then derived from the "ap ap-blacklist-time 0" that you mentioned.

     

    Type "show ap blacklist-clients" when you do a blacklist to see who is blacklisted and how much time is left.

     

    CLI commands needed:

    stm add-blacklist-client <MAC>

     

    If you blacklist a client while they are not associated, the blacklist time comes from the controller rather than the VAP profile. To permanently blacklist those clients, first add the following to each controller config:

     

    ap ap-blacklist-time 0
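
An added example, not part of the original thread: a Python check that parses pasted `show ap blacklist-clients` output and lists manually blacklisted MACs that will expire rather than stay permanent, which is the symptom this thread describes. The column layout, the `user-defined` reason string and the `Permanent` marker in the sample are assumptions constructed for illustration; adjust them to what your controller prints.

```python
import re

# Constructed sample of `show ap blacklist-clients` output. The column layout,
# the "user-defined" reason and the "Permanent" marker are assumptions.
SAMPLE_OUTPUT = """\
Blacklisted Clients
-------------------
STA                reason        block-time(sec)  remaining time(sec)
---                ------        ---------------  -------------------
00:11:22:33:44:55  user-defined  86400            Permanent
66:77:88:99:aa:bb  user-defined  120              3480
cc:dd:ee:ff:00:11  auth-failure  30               3570
"""

# One data row: MAC, reason, seconds blacklisted so far, seconds left or "Permanent".
ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<reason>\S+)\s+"
    r"(?P<elapsed>\d+)\s+(?P<remaining>\d+|permanent)\s*$",
    re.IGNORECASE,
)


def parse_blacklist(text):
    """Return one dict per blacklist row; 'remaining' is None when permanent."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # title, column header, separator or blank line
        remaining = m.group("remaining")
        entries.append({
            "mac": m.group("mac").lower(),
            "reason": m.group("reason"),
            "elapsed": int(m.group("elapsed")),
            "remaining": None if remaining.lower() == "permanent" else int(remaining),
        })
    return entries


def expiring_manual_entries(text, manual_reason="user-defined"):
    """Return (mac, seconds_left) for manual blacklists that are NOT permanent."""
    return [(e["mac"], e["remaining"]) for e in parse_blacklist(text)
            if e["reason"] == manual_reason and e["remaining"] is not None]


if __name__ == "__main__":
    for mac, left in expiring_manual_entries(SAMPLE_OUTPUT):
        # Per the thread: a timed entry means the VAP profile's blacklist time applied.
        print(f"{mac}: manual blacklist expires in {left}s, not permanent")
```
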

     

     



  • 15.  RE: Permanent Blacklist no longer working

    EMPLOYEE
    Posted Jan 15, 2014 03:55 PM

    got it.  So kick them off, then quickly blacklist them.

     

    :smileyhappy: