Exempt Valid Clients from Valid Station Protection


Can I exempt Valid Clients from Valid Station Protection?



This article is applicable on controllers running OS


This feature will allow the system administrator to give certain employees’ devices special permission to associate to non-valid APs.

If a client is added to the ‘exempt-stations list’  then that client will not be included in any configured IDS policies which detect and protect against valid stations associating to non-valid APs.


If a client is valid-exempt, the Aruba AP will not:

–detect valid-station-misassociation for that client.

–enforce valid-station-protection on that client



To add and remove client device MAC addresses to the Valid-exempt Client List via the following CLI commands:

–wms client <mac> valid-exempt insert

–wms client <mac> valid-exempt remove


To see full list of configured valid-exempt clients

–show wms client valid-exempt


The clients that are being seen by the AP and are marked as valid-exempt 

–show ap monitor client-list ap-name <> valid-exempt


The number of MAC addresses currently contained in the Valid-exempt Client list 

–show wms counters


Limitations as of now:-

•The maximum number of MAC addresses that can be added to the Valid-exempt Client List is 200. 

•The configured Valid-exempt Client List will NOT be persisted across controller reboots


Version history
Revision #:
2 of 2
Last update:
‎11-25-2015 04:04 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: