Can I exempt Valid Clients from Valid Station Protection?
This article is applicable on controllers running 18.104.22.168 OS
This feature will allow the system administrator to give certain employees’ devices special permission to associate to non-valid APs.
If a client is added to the ‘exempt-stations list’ then that client will not be included in any configured IDS policies which detect and protect against valid stations associating to non-valid APs.
If a client is valid-exempt, the Aruba AP will not:
–detect valid-station-misassociation for that client.
–enforce valid-station-protection on that client
To add and remove client device MAC addresses to the Valid-exempt Client List via the following CLI commands:
–wms client <mac> valid-exempt insert
–wms client <mac> valid-exempt remove
To see full list of configured valid-exempt clients
–show wms client valid-exempt
The clients that are being seen by the AP and are marked as valid-exempt
–show ap monitor client-list ap-name <> valid-exempt
The number of MAC addresses currently contained in the Valid-exempt Client list
–show wms counters
Limitations as of now:-
•The maximum number of MAC addresses that can be added to the Valid-exempt Client List is 200.
•The configured Valid-exempt Client List will NOT be persisted across controller reboots