Blacklisting Instant AP Clients
The client blacklisting denies connection to the blacklisted clients. When a client is blacklisted, it is not allowed to associate with an Instant AP in the network. If a client is connected to the network when it is blacklisted, a deauthentication message is sent to force client disconnection.
Blacklisting Clients Manually
Manual blacklisting adds the MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of a client to the blacklist. These clients are added into a permanent blacklist. These clients are not allowed to connect to the network unless they are removed from the blacklist.
To add a client to the blacklist manually, complete the following steps:
1. In the app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
2. Under , click > .
A list of access points is displayed in the view.
3. Click the icon.
The tabs to configure the access points are displayed.
4. Click , and click the tab.
The Security details page is displayed.
5. Click the accordion.
6. Under Manual Blacklisting, click and enter the MAC address of the client to be blacklisted.
7. Click OK.
8. Click .
To delete a client from the manual blacklist, select the MAC Address of the client under the Manual Blacklisting, and then click the delete icon.
For the blacklisting to take effect, you must enable the blacklisting option when you create or edit the WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile. Go to > > and enable the option. For more information, see Creating a Wireless Network Profile.
Blacklisting Clients Dynamically
The clients can be blacklisted dynamically when they exceed the authentication failure threshold or when a blacklisting rule is triggered as part of the authentication process.
When a client takes time to authenticate and exceeds the configured failure threshold, it is automatically blacklisted by an Instant AP.
In session firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. based blacklisting, an ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port. rule automates blacklisting. When the ACL rule is triggered, it sends out blacklist information and the client is blacklisted.
To configure the blacklisting duration, complete the following steps:
1. In the app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
2. Under , click > .
A list of access points is displayed in the view.
3. Click the icon.
The tabs to configure the access points are displayed.
4. Click , and click the tab.
The Security details page is displayed.
5. Click the accordion.
6. Under , enter the following information:
a. For Auth Failure Blacklist Time, enter the duration after which the clients that exceed the authentication failure threshold must be blacklisted.
b. For Policy Enforcement Failure Rule Blacklisted Time, enter the duration after which the clients can be blacklisted due to an ACL rule trigger.
7. Click .
You can configure a maximum number of authentication failures by the clients, after which a client must be blacklisted. For more information on configuring maximum authentication failure attempts, see Creating a Wireless Network Profile.
To enable session-firewall-based blacklisting, select the check box in the page during the WLAN SSID profile creation. For more information, see Configuring Network Service ACLs.
