Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Valid client list

  • 1.  Valid client list

    Posted Aug 29, 2012 06:30 PM

    Hello, I was wondering where I could see this VALID client list?

    I know I can see a valid connected client on the monitoring, but when I log off the wireless from the Aruba and I want to log on to another AP, let's say I have configured protect valid clients... what it does is that it won't let valid clients connect to other APs which are not in the valid list...

    The Aruba controller obviously has this list of clients even if they disconnect from the Aruba APs, because they remember... they know which clients connected to the controller and which never connected to the controller...

     

    For example, I have ArubaSSID and another SSID, let's call it OthercompanySSID

    I have 2 clients

    1 that NEVER connected to the controller

    1 that connected to the controller

    I put an air monitor

    configure protect my valid clients on the IPS with deauth only

    If the client that connected to the controller sometimes tries to connect to the OthercompanySSID, which is not a valid AP, it will deauthenticate it and it won't let it connect, which is okay as that's what we are expecting

    If we have the other client that never connected to the controller, he will let him connect as he is not a valid client, and he will let that client connect with no issue...

     

    I have 3 questions

    1-Now, where do I see this client list? What command do I need to use to see them?

    2-The other weird thing is that in one of my tests I had 3 clients that do connect to the controller; they all were trying to connect to the OthercompanySSID, but as they couldn't because they were valid clients, the air monitor was deauthenticating them all, but it reached a moment in which the antenna of the OthercompanySSID crashed or something... because then no one could connect to the OthercompanySSID... I turned off the air monitor, the controller, as this was just a lab, and it still was like that... I had to reboot that AP (the OthercompanySSID), which I don't think should be happening... any ideas what the issue was there?

    3-Where can I see users or APs that were tarpitted with wireless containment, and how can I remove them from there?

     

    Cheers

    Carlos



  • 2.  RE: Valid client list
    Best Answer

    EMPLOYEE
    Posted Aug 29, 2012 06:57 PM

    Valid clients are clients that have connected to the Aruba Controller with encryption.  Its purpose is to set up the IDS setting "Do not allow valid clients to connect to interfering access points".  They are assumed to be corporate clients.

     

    You can see them by typing:

     

    show wms client list | include valid

    Normally, access points, NOT clients, are tarpitted.  Clients that you don't want to connect are blacklisted.

     



  • 3.  RE: Valid client list

    Posted Aug 29, 2012 08:02 PM

    Hello Collin

    Thank you very much again for your time in answering!

    So if instead of deauth only I did tarpit non-valid station, this is what would happen; I just want to confirm if I'm right or totally wrong

    Let's say I have these 2 scenarios and also 2 questions...

    1 Scenario (tarpit non-valid station)

    A valid client tries to connect to a non-valid AP: it will still prevent that client from connecting to the nonvalidSSID and will still let him connect to the Aruba SSID

    2 Scenario (tarpit all station)

    If I have configured tarpit all station... then in this case if the client tried to connect to the nonvalidSSID, it won't let him connect to the nonvalidSSID and also it will be blacklisted and it won't let him connect to my valid SSIDs?

    3 Question

    APs just get tarpitted IF I manually contain it, OR it's contained because it's a rogue AP and the checkbox of contain rogue AP is on, or suspect rogue AP, and when the IPS does tell you it would do, right, like when he detects an impersonating AP he will tarpit that AP and also the real one (or at least that's what the manual says)

    4 Question

    When the AP is contained, it will prevent anyone from connecting to it? And I mean EVERYONE, not just valid clients

    I hope I'm right in my statements, as I think I'm actually finally understanding how this works... this will help me a LOT when trying to explain to a client how the IPS works...



  • 4.  RE: Valid client list
    Best Answer

    EMPLOYEE
    Posted Aug 29, 2012 08:19 PM

    @NightShade1 wrote:

    Hello Collin

    Thank you very much again for your time in answering!

    So if instead of deauth only I did tarpit non-valid station, this is what would happen; I just want to confirm if I'm right or totally wrong

    Let's say I have these 2 scenarios and also 2 questions...

    1 Scenario (tarpit non-valid station)

    A valid client tries to connect to a non-valid AP: it will still prevent that client from connecting to the nonvalidSSID and will still let him connect to the Aruba SSID

    2 Scenario (tarpit all station)

    If I have configured tarpit all station... then in this case if the client tried to connect to the nonvalidSSID, it won't let him connect to the nonvalidSSID and also it will be blacklisted and it won't let him connect to my valid SSIDs?

    3 Question

    APs just get tarpitted IF I manually contain it, OR it's contained because it's a rogue AP and the checkbox of contain rogue AP is on, or suspect rogue AP, and when the IPS does tell you it would do, right, like when he detects an impersonating AP he will tarpit that AP and also the real one (or at least that's what the manual says)

    4 Question

    When the AP is contained, it will prevent anyone from connecting to it? And I mean EVERYONE, not just valid clients

    I hope I'm right in my statements, as I think I'm actually finally understanding how this works... this will help me a LOT when trying to explain to a client how the IPS works...


    1. yes

    2. yes

    3.  It will be contained if you manually contain it, yes.  It will also contain a rogue AP if you have it set to do that automatically.

    4. Yes.

     

    The best thing you can do to configure it is to use the WIPS wizard.

     



  • 5.  RE: Valid client list

    Posted Aug 29, 2012 08:24 PM

    Yes, I know that, Collin... but I'm just trying to understand how everything works; I just don't want to next, next, next, finish and not understand what I'm doing...

    My last question regarding this, and really sorry again for bothering you so much

    I can see the manually contained APs

    I can also see the rogue APs, and well, if I select to automatically contain them, yeah, I know they are contained...

    But let's say just this example

    Let's say I have an impersonating attack and the IPS contains it automatically: will I see it as a rogue AP? Or where will I see that AP?

    Is there a command in which I can see all the contained APs, let's say all the manually and also automatically contained APs?



  • 6.  RE: Valid client list

    EMPLOYEE
    Posted Aug 29, 2012 08:28 PM

    "show wms ap-list" is your friend.

     

    The rogue AP designation is only for an access point that is on your network AND broadcasting.  You can also manually set an AP to rogue if you want.

     

    Other attacks like AP impersonation do not set the AP as rogue, but show up as attacks in the wireless log...

     



  • 7.  RE: Valid client list

    Posted Aug 29, 2012 08:31 PM

    Okay, thanks Collin

    I really appreciate your help!

     

    Cheers

    Carlos



  • 8.  RE: Valid client list

    Posted Apr 27, 2014 11:53 AM

    Collin

    When a valid client is put on the list, let's say

    I connect this computer to the Aruba wireless, he puts it on the list

    How much time will he leave it there (in the valid client list) after disconnecting? Let's suppose it's an encrypted valid client.

     

    Cheers

    Carlos