Q: Can I exempt Valid Clients from Valid Station Protection?
A: This article is applicable on controllers running 6.4.4.0 OS
This feature will allow the system administrator to give certain employees’ devices special permission to associate to non-valid APs.
If a client is added to the ‘exempt-stations list’ then that client will not be included in any configured IDS policies which detect and protect against valid stations associating to non-valid APs.
If a client is valid-exempt, the Aruba AP will not:
–detect valid-station-misassociation for that client.
–enforce valid-station-protection on that client
Configuration:-
To add and remove client device MAC addresses to the Valid-exempt Client List via the following CLI commands:
–wms client <mac> valid-exempt insert
–wms client <mac> valid-exempt remove
To see full list of configured valid-exempt clients
–show wms client valid-exempt
The clients that are being seen by the AP and are marked as valid-exempt
–show ap monitor client-list ap-name <> valid-exempt
The number of MAC addresses currently contained in the Valid-exempt Client list
–show wms counters
Limitations as of now:-
•The maximum number of MAC addresses that can be added to the Valid-exempt Client List is 200.
•The configured Valid-exempt Client List will NOT be persisted across controller reboots