When these limits are exceeded, ExtremeCloud IQ puts the client MAC address into the sandbox and blocks future authentication attempts for 30 minutes, after which the MAC address is released from the sandbox. By default, a user can fail authentication 10 times in 7 minutes.
To prevent such attacks, ExtremeCloud IQ temporarily puts failed client MAC addresses into a sandbox. Users that repeatedly submit incorrect passwords, or passwords for deleted or expired PPSK users, can trigger a DoS (denial of service) attack. When ExtremeCloud IQ authenticates a PPSK user, it must check a large list to see which PPSK password matches what the user submitted. The Locked Clients list shows the MAC addresses of clients that have been locked temporarily. The following sections describe these utilities and provide instructions for how to use them. Select Utilities to see a list of helpful troubleshooting tools.