Guru Elite

COTD: protect-valid-sta

Protect Valid Stations:


ids unauthorized-device-profile

Requires: Wireless Intrusion Protection (WIP) license

The Protect Valid stations feature prevents any "Valid" clients from roaming to "Non-Valid" APs.

Valid stations are clients or devices who:
- Connect to the Aruba controller with some level of encryption, or
- Clients who are manually marked "Valid" by the administrator

Valid APs are:
- Access Points that terminate on the Aruba Controller
- Others Access Points that are manually marked "Valid" by the administrator

If you have an environment where your secure enterprise users can see access points from other organizations, to prevent security and support issues, you want to ensure that your users do not roam to these other access points. When the "Protect Valid Stations" parameter is enabled in the ids-unauthorized-profile of an AP-group, access points in your infrastructure will keep your valid users off those access points. This will also prevent honeypot attacks where an access point pretends to be one of yours, but is really an attacker, trying to lure your users and get their credentials.

Screenshot attached:

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
Showing results for 
Search instead for 
Did you mean: