COTD: Station DoS prevention

(Greig) (config) # stm sta-dos-prevention enable
STM stands for "station manager". It is the internal process responsible for the 802.11 state machine for users, including association and 802.11 authentication (but not 802.1x/MAC/... style authentications).
DoS stands for Denial of Service.
In other words, this command enables blacklisting of users. (Note: most of the cases below require the WIP license.)
What kind of blacklisting triggers are there?
- Manual - A STA can be manually added to the blacklist with stm add-dos-sta ...
- Man in the Middle Attack - If STM detects a man in the middle attack on a station, the station is automatically added to the blacklist
- Max Auth Failure - If a STA repeatedly fails authentication, as defined in:
aaa captive-portal max-authentication-failures
aaa dot1x ...
- Ping Flood Attack - If ping flood attack detection is enabled and an attack is detected, the STA is blacklisted
- SYN Attack - same as ping flood
- Session Flood Attack - same as ping flood
- Session blacklist - If an AAA ACL configured with the blacklist action gets a hit, the STA is blacklisted
So what happens to a blacklisted client?
The client will not be able to associate to the system, and it stays blacklisted for the amount of time specified in the stm sta-dos-block-time config item.
Related Commands:
(Greig) # show stm dos-sta
(Greig) # stm add-dos-sta
(Greig) # stm remove-dos-sta
