Security

Reply
MVP
Posts: 2,988
Registered: ‎10-25-2011

protect-valid-sta

Hello

I was looking more info about this

Lets start with what i know:

 

This feature will protect stations that have connected with the controller with some kind of encriptation

Also you can mark a valid station manually 

 

It will protect my "valid stations" from connecting to APS that are terminated on my controller or the ones that are not manually marked as valid

 

What i dont know and its what i want to ask

 

As far i know the controller retains like a valid client list and thats how he knows hey that client cannot connect to that other AP because i got it in my valid list and i need to protect him!

 

How much does this entry stay on my controller?

 

Let say i connected today... and i dont connect in a year.... will my client be protected even if i have not connected in a year? 

How much does the controller retains this entry? it is an editable value??

I was searching in the user guide but didnt really see anything of this or maybe i missed it :/

 

Anyone?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Regular Contributor I
Posts: 174
Registered: ‎10-22-2010

Re: protect-valid-sta

I believe its as long as the client is in the wms dB.
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: protect-valid-sta

A client is automatically added to the valid station list when it connects to your controller using encryption.  It stays in that list for 30 days.  You can use "show wms client list | include valid" to see those clients.

 

You would use "wms client <mac> mode valid add" to manually add a user to the valid client list, but the command would typically only be used for testing "protect valid station".

 

This is typically used when you don't want your enterprise clients roaming to another SSID when they are still at work or at school.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 2,988
Registered: ‎10-25-2011

Re: protect-valid-sta

Thank you for your answer Collin!!

2 more questions

 

1-Can you edit thsi 30 days value?

2-If the controller reboot does the database get lost? or it save it somewhere???

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: protect-valid-sta

[ Edited ]

1.  If you type "show wms general", the sta-ageout-interval indicates in days how long a device is kept in the database.  This can be changed:  http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ids wms-general-profile.htm

2.  The database does not get lost upon reboot.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 2,988
Registered: ‎10-25-2011

Re: protect-valid-sta

Thank you very much Collin :)

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: