
show ap blacklist-clients



Show a list of clients that have been denied access.

Usage Guidelines

Use the stm CLI command to add or remove users from a blacklist. Additionally, the dot1x authentication, VPN authentication and MAC authentication profiles allow you to automatically blacklist a client if machine authentication fails.


The output of this command shows that the controller has a single user-defined blacklisted client.

(host)# show ap blacklist-clients

Blacklisted Clients
STA                reason        block-time(sec)  remaining time(sec)
---                ------        ---------------  -------------------
00:1E:37:CB:D4:52  user-defined  45               3555

The output of this command includes the following information:




STA

MAC address of the blacklisted client.

reason

The reason that the user was blacklisted.

ARP-attack: Blacklisted for an ARP attack.

user-defined: Blacklisted because of blacklist criteria defined by the network administrator.

mitm-attack: Blacklisted for a man-in-the-middle (MITM) attack; impersonating a valid enterprise AP.

gratuitous-ARP-attack: Blacklisted for a gratuitous ARP attack.

ping-flood: Blacklisted for a ping flood attack.

session-flood: Blacklisted for a session flood attack.

syn-flood: Blacklisted for a SYN flood attack.

session-blacklist: User session was blacklisted.

IP spoofing: Blacklisted for sending messages using the IP address of a trusted client.

ESI-blacklist: An external virus detection or intrusion detection application or appliance blacklisted the client.

CP-flood: Blacklisted for flooding with fake AP beacons.

UNKNOWN: Blacklist reason unknown.


block-time (sec)

Amount of time the client has been blocked, in seconds.

remaining time(sec)

Amount of time remaining before the client will be allowed access to the network again.
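
A parser for the output format shown above, for collecting blacklist entries into records that can be reviewed or forwarded to a log pipeline. This is an added example, not Aruba code: the function names and the last three sample rows are constructed, and treating every reason other than user-defined as raised by the controller or an external system is an assumption drawn from the reason list above.

```python
import re

# Reason strings exactly as listed in the output description above.
KNOWN_REASONS = {
    "ARP-attack", "user-defined", "mitm-attack", "gratuitous-ARP-attack",
    "ping-flood", "session-flood", "syn-flood", "session-blacklist",
    "IP spoofing", "ESI-blacklist", "CP-flood", "UNKNOWN",
}
# MAC, reason (may contain a space, e.g. "IP spoofing"), then two integer columns.
ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(.+?)\s+(\d+)\s+(\d+)\s*$")

# First data row is the one from this page; the other three are constructed.
SAMPLE = """\
(host)# show ap blacklist-clients
Blacklisted Clients
STA                reason        block-time(sec)  remaining time(sec)
---                ------        ---------------  -------------------
00:1E:37:CB:D4:52  user-defined  45               3555
02:00:00:00:00:01  IP spoofing   120              3480
02:00:00:00:00:02  syn-flood     10               3590
02:00:00:00:00:03  bogus-reason  5                3595
"""

def parse_blacklist(text):
    """Return one dict per client row; prompt, title and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mac, reason, blocked, remaining = m.groups()
        entries.append({
            "sta": mac.lower(), "reason": reason,
            "block_time": int(blocked), "remaining": int(remaining),
            "known_reason": reason in KNOWN_REASONS,
            "admin_defined": reason == "user-defined",
        })
    return entries

def triage(entries):
    """Entries not placed by an administrator, soonest to regain access first."""
    auto = [e for e in entries if not e["admin_defined"]]
    return sorted(auto, key=lambda e: e["remaining"])

if __name__ == "__main__":
    for e in triage(parse_blacklist(SAMPLE)):
        note = "" if e["known_reason"] else "  (reason not in documented list)"
        print(f'{e["sta"]}  {e["reason"]}  remaining={e["remaining"]}s{note}')
```
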

Related Commands



stm add-blacklist-client

Manually add clients to a blacklist.

stm remove-blacklist-client <macaddr>

Manually remove clients from a blacklist.

Command History




Command introduced.

Command Information



Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.