Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 304/305 Access Points

991

992

993

994

995

996

997

998

999

1000

show ap blacklist-clients

Description

Show a list of clients that have been denied access.

Usage Guidelines

Use the stm CLI command to add or remove users from a blacklist. Additionally, the dot1x authentication,

VPN authentication and MAC authentication profiles allow you to automatically blacklist a client if

machine authentication fails.

Examples

The output of this command shows that the controller has a single user-defined blacklisted client.

(host)# show ap blacklist-clients

Blacklisted Clients

-------------------

STA reason block-time(sec) remaining time(sec)

--- ------ --------------- -------------------

00:1E:37:CB:D4:52 user-defined 45 3555

The output of this command includes the following information:

Column Description

STA

MAC address of the blacklisted client.

reason

The reason that the user was blacklisted.

l ARP-attack: Blacklisted for an ARP attack.

l user-defined: Blacklisted due to blacklist criteria were defined by the

network administrator

l mitm-attack: Blacklisted for a man in the middle (MITM) attack;

impersonating a valid enterprise AP.

l gratuitous-ARP-attack: Blacklisted for a gratuitous ARP attack.

l ping-flood: Blacklisted for a ping flood attack.

l session-flood: Blacklisted for a session flood attack.

l syn-flood: Blacklisted for a syn flood attack.

l session-blacklist: User session was blacklisted

l IP spoofing: Blacklisted for sending messages using the IP address of a

trusted client.

l ESI-blacklist: An external virus detection or intrusion detection application

or appliance blacklisted the client.

l CP-flood: Blacklisting for flooding with fake AP beacons.

l UNKNOWN: Blacklist reason unknown.

Dell Networking W-Series ArubaOS 6.5.x | Reference Guide show ap blacklist-clients | 997