You are here: Home > CLI Commands > Just_CLI_Topics > show ap blacklist-clients

show ap blacklist-clients

show ap blacklist-clients

Description

Show a list of clients that have been denied access.

Usage Guidelines

Use the stm CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command to add or remove users from a blacklist. Additionally, the dot1x authentication, VPN authentication and MAC authentication profiles allow you to automatically blacklist a client if machine authentication fails.

Examples

The output of this command shows that the controller has a single user-defined blacklisted client.

(host)# show ap blacklist-clients

 

Blacklisted Clients

-------------------

STA reason block-time(sec) remaining time(sec)

--- ------ --------------- -------------------

00:1E:37:CB:D4:52 user-defined 45 3555

The output of this command includes the following information:

Column

Description

STA

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the blacklisted client.

reason

The reason that the user was blacklisted.

ARP-attack: Blacklisted for an ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. attack.

user-defined: Blacklisted due to blacklist criteria were defined by the network administrator

mitm-attack: Blacklisted for a man in the middle (MITM) attack; impersonating a valid enterprise AP.

gratuitous-ARP-attack: Blacklisted for a gratuitous ARPAddress Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. attack.

ping-flood: Blacklisted for a ping flood attack.

session-flood: Blacklisted for a session flood attack.

syn-flood: Blacklisted for a syn flood attack.

session-blacklist: User session was blacklisted

IP spoofing: Blacklisted for sending messages using the IP address of a trusted client.

ESI-blacklist: An external virus detection or intrusion detection application or appliance blacklisted the client.

CP-flood: Blacklisting for flooding with fake AP beacons.

UNKNOWN: Blacklist reason unknown.

 

block-time (sec)

Amount of time the client has been blocked, in seconds.

remaining time(sec)

Amount of time remaining before the client will be allowed access to the network again.

Related Commands

Command

Description

stm add-blacklist-client

Manually add clients from a blacklist.

stm remove-blacklist-client <macaddr>

Manually remove clients from a blacklist.

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.

/*]]>*/