In the CLI
To blacklist a client:
(Instant AP)(config)# blacklist-client <MAC-Address>
(Instant AP)(config)# end
(Instant AP)# commit apply
To enable blacklisting in the SSIDprofile:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# blacklisting
(Instant AP)(SSID Profile <name>)# end
(Instant AP)# commit apply
To view the blacklisted clients:
(Instant AP)# show blacklist-client
Blacklisted Clients
-------------------
MAC Reason Timestamp Remaining time(sec) AP name
--- ------ --------- ------------------- -------
00:1c:b3:09:85:15 user-defined 17:21:29 Permanent -
Blacklisting Users Dynamically
The clients can be blacklisted dynamically when they exceed the authentication failure threshold or when a
blacklisting rule is triggered as part of the authentication process.
Authentication Failure Blacklisting
When a client takes time to authenticate and exceeds the configured failure threshold, it is automatically
blacklisted by anIAP.
Session Firewall-Based Blacklisting
In session firewall-based blacklisting, an ACL rule is used to enable the option for dynamic blacklisting. When
the ACL rule is triggered, it sends out blacklist information and the client is blacklisted.
Configuring Blacklist Duration
You can set the blacklist duration using the Instant UI or the CLI.
In the Instant UI
To set a blacklist duration:
1. Click the Security link located directly above the Search bar in the Instant main window.
2. Click the Blacklisting tab.
3. Under Dynamic Blacklisting:
4. For Auth failure blacklist time, the duration in seconds after which the clients that exceed the
authentication failure threshold must be blacklisted.
5. For PEF rule blacklisted time, enter the duration in seconds after which the clients can be blacklisted due
to an ACL rule trigger.
You can configure a maximum number of authentication failures by the clients, after which a client must be
blacklisted. For more information on configuring maximum authentication failure attempts, see Configuring
Security Settings for a WLAN SSID Profile on page 90.
To enable session-firewall-based blacklisting, click New and navigate to WLAN Settings > VLAN > Security
> Access window, and enable the Blacklist option of the corresponding ACL rule.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide Authentication and User Management | 177
To Next Page
Loading...
Need help?
General
