**Problem:**

**--Aruba blacklist - MAC- filter**

**Actions:**

--In the following process, you will find a way to block a mac addres on a WLAN

--Enter by CLI

--Run command: config terminal and run the following lines by MAC address to block (Example MAC: c0:f4:e6:36:c5:09)

(Aruba7030) *[mynode] #**stm add-blacklist-client c0:f4:e6:36:c5:09**

(Aruba7030) *[mynode] #

(Aruba72) *[mynode] #**show ap blacklist-clients**

Blacklisted Clients

-  -  -  -

STA reason block-time(sec) remaining time(sec)

-  -  -  -

c0:f4:e6:36:c5:09 user-defined 2015 1585



**--Procedure to permanently leave the MAC Address blacklist:**

wlan virtual-ap 

**auth-failure-blacklist-time 0**
   
** blacklist-time 0**
   
 
   
**--The lines to execute to block a MAC in a specific WLAN are:**

wlan ssid-profile "WLAN-1"

**auth-failure-blacklist-time 0**

**blacklist-time 0**



wlan ssid-profile "WLAN-2"

auth-failure-blacklist-time 0

blacklist-time 0



wlan ssid-profile "WLAN-3"

auth-failure-blacklist-time 0

blacklist-time 0



wlan virtual-ap "VAP-WLAN1"

**auth-failure-blacklist-time 0**

**blacklist-time 0**



wlan virtual-ap "VAP-WLAN2"

auth-failure-blacklist-time 0

blacklist-time 0


wlan virtual-ap "VAP-WLAN3"

auth-failure-blacklist-time 0

blacklist-time 0



**--Procedure to manually removing a user from Blacklist:**

--(Aruba7030) *[mynode] #**stm remove-blacklist-client c0:f4:e6:36:c5:09**



Requerimientos:

--Aruba7030



Solución:

**--Apply the above procedure write**

----

**Example process for WEB:**


--mac-authentication process

--Follow the next step for setting mac-authentication for any WLAN


  Note: Is important to use the correct INITIAL  ROLE  ACL, in this case, used logon role

{{:aruba_networks:controller:blacklist_command9.png?700|}}

  Note:  Create  new user on internal server 
  
{{:aruba_networks:controller:blacklist_command2.png?700|}}  

  
   Note: Is important to use the second correct INITIAL ROLE ACL, in this case, used ANNAR_USER role
   Note: you do can use any next format

{{:aruba_networks:controller:blacklist_command0.png?200|}}

  Note:  Create the new MAC authentication profile, in this case: ANNAR_USER  (set for this format:  82-56-f2-f4-5a-e5)
  
{{:aruba_networks:controller:blacklist_command5.png?700|}}  

{{:aruba_networks:controller:blacklist_command12.png?700|}}

**--CLI commands to write a MAC for local-userdb and Blacklist-client**

{{:aruba_networks:controller:blacklist_command14.png?700|}}

{{:aruba_networks:controller:blacklist_command15.png?700|}}

{{:aruba_networks:controller:blacklist_command16.png?700|}}

{{:aruba_networks:controller:blacklist_command.png?500|}}


----

[[https://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/MAC_Authentication.php#XREF_42227_Configuring_the]]

[[https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-MAC-based-authentication-on-Aruba/ta-p/182430]]


  stm add-blacklist-client
  stm remove-blacklist-client
  stm purge-blacklist-client
  show ap blacklist-clients
  local-userdb add user
  show local-userdb


----

{{:aruba_networks:controller:blacklist_command13.png?600|}}
----