ExtremeCloud IQ authenticates PPSK clients against a large list of passwords. Users that repeatedly submit incorrect, deleted, or expired passwords can trigger a DoS attack. To prevent this, ExtremeCloud IQ temporarily puts the MAC address of a client device that repeatedly fails authentication 10 times in 7 minutes (default settings) into a sandbox and blocks future attempts for 30 minutes. For all authentication attempts, ExtremeCloud IQ first checks the client MAC address against the list of locked clients in the sandbox.
To unlock a client, use the following steps: