User's Manual

477 | Wireless Intrusion Prevention Dell Networking W-Series ArubaOS 6.4.x| User Guide
The controller retains the client blacklist in the user database, so the information is not lost if the controller
reboots. When you import or export the controller’s user database, the client blacklist will be exported or
imported as well.
Methods of Blacklisting
There are several ways in which a client can be blacklisted in the Dell system:
• You can manually blacklist a specific client. See Blacklisting Manually on page 477 for more information.
• A client fails to authenticate a configured number of times for a specified authentication method. The
client is automatically blacklisted. See Blacklisting by Authentication Failure on page 477 for more
information.
• A DoS or man-in-the-middle (MITM) attack has been launched in the network. Detection of these attacks can
cause the immediate blacklisting of a client. See Enabling Attack Blacklisting on page 478 for more
information.
• An external application or appliance that provides network services, such as virus protection or intrusion
detection, can blacklist a client and send the blacklisting information to the controller via an XML API server.
When the controller receives the client blacklist request from the server, it blacklists the client, logs an event,
and sends an SNMP trap.
See External Services Interface on page 992 for more information.
The External Services Interface feature requires the Policy Enforcement Firewall Next Generation (PEFNG) license
to be installed on the controller.
Blacklisting Manually
There are several reasons why you may choose to blacklist a client. For example, you can enable different Dell
intrusion detection system (IDS) features that detect suspicious activities, such as MAC address spoofing or
DoS attacks. When these activities are detected, an event is logged and an SNMP trap is sent with the client
information. To blacklist a client, you need to know its MAC address.
To manually blacklist a client via the WebUI:
1. Navigate to the Monitoring > Controller > Clients page.
2. Select the client to be blacklisted and click the Blacklist button.
To clear the entire client blacklist using the WebUI:
1. Navigate to the Monitoring > Controller > Clients page.
2. Click Remove All from Blacklist.
To manually blacklist a client via the command-line interface, access the CLI in config mode and issue the
following command:
stm add-blacklist-client <macaddr>
To clear the entire client blacklist using the command-line interface, access the CLI in config mode and issue the
following command:
stm purge-blacklist-client
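The following Python example is added here and is not part of the Dell documentation. It turns a list of MAC addresses gathered from IDS events into stm add-blacklist-client commands for review before they are entered in config mode, skipping malformed, group (multicast/broadcast) and protected addresses. The colon-separated MAC format, the protected list and the sample addresses are assumptions.

```python
import re

# Assumption: the controller CLI accepts colon-separated lowercase MAC addresses.
_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff for common notations, or None if unusable."""
    digits = re.sub(r"[:\-.\s]", "", raw.strip().lower())
    if not _HEX12.match(digits) or digits == "0" * 12:
        return None
    # A set I/G bit (lowest bit of the first octet) marks a group address
    # (multicast/broadcast), which can never identify a single client.
    if int(digits[:2], 16) & 0x01:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_blacklist_commands(candidates, protected=()):
    """Return (commands, rejected) for a list of raw MAC strings.

    protected: hypothetical allowlist of MACs that must never be
    blacklisted (e.g. management stations), in any supported notation.
    """
    keep_out = {normalize_mac(m) for m in protected}
    commands, rejected, seen = [], [], set()
    for raw in candidates:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append((raw, "not a valid unicast MAC"))
        elif mac in keep_out:
            rejected.append((raw, "protected address"))
        elif mac not in seen:  # same client reported in two notations
            seen.add(mac)
            commands.append("stm add-blacklist-client " + mac)
    return commands, rejected

# Constructed sample input; none of these addresses come from the manual.
SAMPLE = ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5e", "ff:ff:ff:ff:ff:ff",
          "02:00:00:aa:bb:cc", "00:1a:2b:3c:4d", "00:11:22:33:44:55"]
PROTECTED = ["00:11:22:33:44:55"]

if __name__ == "__main__":
    cmds, bad = build_blacklist_commands(SAMPLE, PROTECTED)
    print("\n".join(cmds))
    for raw, why in bad:
        print("skipped %s: %s" % (raw, why))
```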
Blacklisting by Authentication Failure
You can configure a maximum authentication failure threshold for each of the following authentication
methods:
• 802.1x
• MAC