Exempt Valid Clients from Valid Station Protection

Aruba Employee
Q:

Can I exempt Valid Clients from Valid Station Protection?

   



A:

This article is applicable on controllers running 6.4.4.0 OS

 

This feature will allow the system administrator to give certain employees’ devices special permission to associate to non-valid APs.

If a client is added to the ‘exempt-stations list’  then that client will not be included in any configured IDS policies which detect and protect against valid stations associating to non-valid APs.

 

If a client is valid-exempt, the Aruba AP will not:

–detect valid-station-misassociation for that client.

–enforce valid-station-protection on that client

 

Configuration:-

To add and remove client device MAC addresses to the Valid-exempt Client List via the following CLI commands:

–wms client <mac> valid-exempt insert

–wms client <mac> valid-exempt remove

 

To see full list of configured valid-exempt clients

–show wms client valid-exempt

 

The clients that are being seen by the AP and are marked as valid-exempt 

–show ap monitor client-list ap-name <> valid-exempt

 

The number of MAC addresses currently contained in the Valid-exempt Client list 

–show wms counters

 

Limitations as of now:-

•The maximum number of MAC addresses that can be added to the Valid-exempt Client List is 200. 

•The configured Valid-exempt Client List will NOT be persisted across controller reboots

 

Version history
Revision #:
2 of 2
Last update:
‎11-25-2015 04:04 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: