Problem:
–Aruba blacklist - MAC- filter
Actions:
–In the following process, you will find a way to block a mac addres on a WLAN
–Enter by CLI
–Run command: config terminal and run the following lines by MAC address to block (Example MAC: c0:f4:e6:36:c5:09)
(Aruba7030) *[mynode] #stm add-blacklist-client c0:f4:e6:36:c5:09
(Aruba7030) *[mynode] #
(Aruba72) *[mynode] #show ap blacklist-clients
Blacklisted Clients
- - - -
STA reason block-time(sec) remaining time(sec)
- - - -
c0:f4:e6:36:c5:09 user-defined 2015 1585
–Procedure to permanently leave the MAC Address blacklist:
wlan virtual-ap
auth-failure-blacklist-time 0
blacklist-time 0
–The lines to execute to block a MAC in a specific WLAN are:
wlan ssid-profile “WLAN-1”
auth-failure-blacklist-time 0
blacklist-time 0
wlan ssid-profile “WLAN-2”
auth-failure-blacklist-time 0
blacklist-time 0
wlan ssid-profile “WLAN-3”
auth-failure-blacklist-time 0
blacklist-time 0
wlan virtual-ap “VAP-WLAN1”
auth-failure-blacklist-time 0
blacklist-time 0
wlan virtual-ap “VAP-WLAN2”
auth-failure-blacklist-time 0
blacklist-time 0
wlan virtual-ap “VAP-WLAN3”
auth-failure-blacklist-time 0
blacklist-time 0
–Procedure to manually removing a user from Blacklist:
–(Aruba7030) *[mynode] #stm remove-blacklist-client c0:f4:e6:36:c5:09
Requerimientos:
–Aruba7030
Solución:
–Apply the above procedure write
Example process for WEB:
–mac-authentication process
–Follow the next step for setting mac-authentication for any WLAN
Note: Is important to use the correct INITIAL ROLE ACL, in this case, used logon role
Note: Create new user on internal server
Note: Is important to use the second correct INITIAL ROLE ACL, in this case, used ANNAR_USER role Note: you do can use any next format
Note: Create the new MAC authentication profile, in this case: ANNAR_USER (set for this format: 82-56-f2-f4-5a-e5)
–CLI commands to write a MAC for local-userdb and Blacklist-client
stm add-blacklist-client stm remove-blacklist-client stm purge-blacklist-client show ap blacklist-clients local-userdb add user show local-userdb
