Configuring Client Exclusion

Configuring Client Exclusion Policies (GUI)


Step 1   Choose Security > Wireless Protection Policies > Client Exclusion Policies to open the Client Exclusion Policies page.
Step 2   Select any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.

  • Excessive 802.11 Association Failures—Clients are excluded on the sixth 802.11 association attempt, after five consecutive failures.
  • Excessive 802.11 Authentication Failures—Clients are excluded on the sixth 802.11 authentication attempt, after five consecutive failures.
  • Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.

  • IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
  • Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

Issue the following command to see the time remaining for an excluded client. The default exclusion time is 60 seconds.

show exclusionlist  (we can use show wps summary to see which exclusion policies are enabled)

Information similar to the following appears:

(Cisco Controller) >show exclusionlist

Dynamically Disabled Clients
----------------------------
MAC Address        Exclusion Reason  Time Remaining (in secs)
-----------        ----------------  ------------------------
00:40:96:b4:82:55  802.1X Failure    51

(Cisco Controller) >show wps summary

Auto-Immune
  Auto-Immune.................................... Disabled
  Auto-Immune by aWIPS Prevention................ Disabled

Client Exclusion Policy
  Excessive 802.11-association failures.......... Enabled
  Excessive 802.11-authentication failures....... Enabled
  Excessive 802.1x-authentication................ Enabled
  IP-theft....................................... Enabled
  Excessive Web authentication failure........... Enabled
  Maximum 802.1x-AAA failure attempts............ 3

Signature Policy
  Signature Processing........................... Enabled

Management Frame Protection
  Global Infrastructure MFP state................ DISABLED (*all infrastructure settings are overridden)
  AP Impersonation detection..................... Disabled
  Controller Time Source Valid................... False

                                    WLAN       Client
WLAN ID  WLAN Name                  Status     Protection
-------  -------------------------  ---------  ----------
1        Hello                      Disabled   Optional

Detailed CLI configuration link: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110101.html
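
For auditing many controllers, the two outputs above can be parsed to flag disabled exclusion policies and list currently excluded clients. This is an added example, not part of the original page or Cisco tooling; the function names are hypothetical and the sample text is constructed from the output format shown above, with one policy set to Disabled for illustration.

```python
import re

# Constructed sample modelled on the output above; one policy is Disabled here.
SAMPLE_WPS = """\
Client Exclusion Policy
  Excessive 802.11-association failures.......... Enabled
  Excessive 802.11-authentication failures....... Enabled
  Excessive 802.1x-authentication................ Disabled
  IP-theft....................................... Enabled
  Excessive Web authentication failure........... Enabled
  Maximum 802.1x-AAA failure attempts............ 3
Signature Policy
  Signature Processing........................... Enabled
"""

SAMPLE_EXCL = """\
MAC Address        Exclusion Reason  Time Remaining (in secs)
-----------        ----------------  ------------------------
00:40:96:b4:82:55  802.1X Failure    51
"""

KV = re.compile(r"^\s+(.+?)\.{2,}\s+(.+?)\s*$")   # indented "name..... value"
ROW = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(.+?)\s+(\d+)\s*$", re.I)

def parse_wps_summary(text):
    """Return {section: {setting: value}} from 'show wps summary' text."""
    sections, current = {}, None
    for line in text.splitlines():
        m = KV.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
        elif line.strip() and not line.startswith(" "):
            current = line.strip()          # unindented line starts a section
            sections.setdefault(current, {})
    return sections

def disabled_exclusion_policies(text):
    """List client exclusion policies whose value is Disabled."""
    policy = parse_wps_summary(text).get("Client Exclusion Policy", {})
    return [name for name, value in policy.items() if value.lower() == "disabled"]

def parse_exclusionlist(text):
    """Return (mac, reason, seconds_remaining) tuples from 'show exclusionlist'."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return [(m.group(1).lower(), m.group(2), int(m.group(3))) for m in rows if m]

if __name__ == "__main__":
    print(disabled_exclusion_policies(SAMPLE_WPS))
    print(parse_exclusionlist(SAMPLE_EXCL))
```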
