Command of the Day

Reply
Guru Elite
Posts: 20,816
Registered: ‎03-29-2007

COTD: protect-valid-sta

Protect Valid Stations:

Format:

ids unauthorized-device-profile
protect-valid-sta

Requires: Wireless Intrusion Protection (WIP) license

The Protect Valid stations feature prevents any "Valid" clients from roaming to "Non-Valid" APs.

Valid stations are clients or devices who:
- Connect to the Aruba controller with some level of encryption, or
- Clients who are manually marked "Valid" by the administrator

Valid APs are:
- Access Points that terminate on the Aruba Controller
- Others Access Points that are manually marked "Valid" by the administrator

If you have an environment where your secure enterprise users can see access points from other organizations, to prevent security and support issues, you want to ensure that your users do not roam to these other access points. When the "Protect Valid Stations" parameter is enabled in the ids-unauthorized-profile of an AP-group, access points in your infrastructure will keep your valid users off those access points. This will also prevent honeypot attacks where an access point pretends to be one of yours, but is really an attacker, trying to lure your users and get their credentials.

Screenshot attached:


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: