Controller Based WLANs

Exempt Valid Clients from Valid Station Protection

by ‎11-25-2015 04:04 PM - edited ‎11-25-2015 04:04 PM

Can I exempt Valid Clients from Valid Station Protection?



This article is applicable on controllers running OS


This feature will allow the system administrator to give certain employees’ devices special permission to associate to non-valid APs.

If a client is added to the ‘exempt-stations list’  then that client will not be included in any configured IDS policies which detect and protect against valid stations associating to non-valid APs.


If a client is valid-exempt, the Aruba AP will not:

–detect valid-station-misassociation for that client.

–enforce valid-station-protection on that client



To add and remove client device MAC addresses to the Valid-exempt Client List via the following CLI commands:

–wms client <mac> valid-exempt insert

–wms client <mac> valid-exempt remove


To see full list of configured valid-exempt clients

–show wms client valid-exempt


The clients that are being seen by the AP and are marked as valid-exempt 

–show ap monitor client-list ap-name <> valid-exempt


The number of MAC addresses currently contained in the Valid-exempt Client list 

–show wms counters


Limitations as of now:-

•The maximum number of MAC addresses that can be added to the Valid-exempt Client List is 200. 

•The configured Valid-exempt Client List will NOT be persisted across controller reboots


Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.