Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

protect-valid-sta

This thread has been viewed 19 times

  • 1.  protect-valid-sta

    Posted May 06, 2015 01:49 AM

    Hello

    I was looking more info about this

    Lets start with what i know:

     

    This feature will protect stations that have connected with the controller with some kind of encriptation

    Also you can mark a valid station manually 

     

    It will protect my "valid stations" from connecting to APS that are terminated on my controller or the ones that are not manually marked as valid

     

    What i dont know and its what i want to ask

     

    As far i know the controller retains like a valid client list and thats how he knows hey that client cannot connect to that other AP because i got it in my valid list and i need to protect him!

     

    How much does this entry stay on my controller?

     

    Let say i connected today... and i dont connect in a year.... will my client be protected even if i have not connected in a year? 

    How much does the controller retains this entry? it is an editable value??

    I was searching in the user guide but didnt really see anything of this or maybe i missed it :/

     

    Anyone?

     

    Cheers

    Carlos



  • 2.  RE: protect-valid-sta

    Posted May 06, 2015 04:05 AM
    I believe its as long as the client is in the wms dB.


  • 3.  RE: protect-valid-sta
    Best Answer

    EMPLOYEE
    Posted May 06, 2015 06:49 AM

    A client is automatically added to the valid station list when it connects to your controller using encryption.  It stays in that list for 30 days.  You can use "show wms client list | include valid" to see those clients.

     

    You would use "wms client <mac> mode valid add" to manually add a user to the valid client list, but the command would typically only be used for testing "protect valid station".

     

    This is typically used when you don't want your enterprise clients roaming to another SSID when they are still at work or at school.



  • 4.  RE: protect-valid-sta

    Posted May 06, 2015 10:12 AM

    Thank you for your answer Collin!!

    2 more questions

     

    1-Can you edit thsi 30 days value?

    2-If the controller reboot does the database get lost? or it save it somewhere???

     

    Cheers

    Carlos



  • 5.  RE: protect-valid-sta

    EMPLOYEE
    Posted May 06, 2015 10:17 AM

    1.  If you type "show wms general", the sta-ageout-interval indicates in days how long a device is kept in the database.  This can be changed:  http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ids wms-general-profile.htm

    2.  The database does not get lost upon reboot.

     



  • 6.  RE: protect-valid-sta

    Posted May 06, 2015 10:37 PM

    Thank you very much Collin :)

     

    Cheers

    Carlos