You are here: Authentication and User Management > Blacklisting Clients > Blacklisting Users Dynamically
Previous TopicNext Topic

Blacklisting Users Dynamically

The clients can be blacklisted dynamically when they exceed the authentication failure threshold or when a blacklisting rule is triggered as part of the authentication process.

Authentication Failure Blacklisting

When a client takes time to authenticate and exceeds the configured failure threshold, it is automatically blacklisted by an IAP.

Session Firewall Based Blacklisting

In session firewall based blacklisting, an ACL rule is used to enable the option for automation blacklisting. When the ACL rule is triggered, it sends out blacklist information and the client is blacklisted.

Configuring Blacklist Duration

You can set the blacklist duration using the Instant UI or CLI.

In the Instant UI

To set a blacklist duration:

1. Click the Security link from the top right corner of the Instant main window.
2. Click the Blacklisting tab.
3. Under Dynamic Blacklisting:
4. For Auth failure blacklist time, the duration in seconds after which the clients that exceed the authentication failure threshold must be blacklisted.
5. For PEF rule blacklisted time, enter the duration in seconds after which the clients can be blacklisted due to an ACL rule trigger.

 

You can configure a maximum number of authentication failures by the clients, after which a client must be blacklisted. For more information on configuring maximum authentication failure attempts, see Configuring Security Settings for a WLAN SSID Profile

To enable session firewall based blacklisting, click New and navigate to WLAN Settings > VLAN > Security > Access window, and enable the Blacklist option of the corresponding ACL rule.

In the CLI

To dynamically blacklist clients:

(Instant AP)(config)# auth-failure-blacklist-time <seconds>

(Instant AP)(config)# blacklist-time <seconds>

(Instant AP)(config)# end

(Instant AP)# commit apply

To view the blacklisted clients:

(Instant AP)# show blacklist-client config

 

Blacklist Time :60

Auth Failure Blacklist Time :60

Manually Blacklisted Clients

----------------------------

MAC Time

--- ----

Dynamically Blacklisted Clients

-------------------------------

MAC Reason Timestamp Remaining time(sec) AP IP

--- ------ --------- ------------------- -----

Dyn Blacklist Count :0