Configuring Client Exclusion

Configuring Client Exclusion Policies (GUI)

Step 1   Choose Security > Wireless Protection Policies > Client Exclusion Policies to open the Client Exclusion Policies page.
Step 2   Select any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.

  • Excessive 802.11 Association Failures—Clients are excluded on the sixth 802.11 association attempt, after five consecutive failures.
  • Excessive 802.11 Authentication Failures—Clients are excluded on the sixth 802.11 authentication attempt, after five consecutive failures.

  • Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.

  • IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
  • Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

Issue the below command to see the time left when the client is excluded. default time is set to 60 sec.

show exclusionlist  (我们可以通过show wps summary去查看开启了哪些exclusion policy)

Information similar to the following appears:

(Cisco Controller) >show exclusionlist

Dynamically Disabled Clients

----------------------------

  MAC Address             Exclusion Reason        Time Remaining (in secs)

  -----------             ----------------        ------------------------

00:40:96:b4:82:55         802.1X Failure          	51

(Cisco Controller) >show wps summary      

Auto-Immune
  Auto-Immune.................................... Disabled
  Auto-Immune by aWIPS Prevention................ Disabled

Client Exclusion Policy
  Excessive 802.11-association failures.......... Enabled
  Excessive 802.11-authentication failures....... Enabled
  Excessive 802.1x-authentication................ Enabled
  IP-theft....................................... Enabled
  Excessive Web authentication failure........... Enabled
  Maximum 802.1x-AAA failure attempts............ 3

Signature Policy
  Signature Processing........................... Enabled

Management Frame Protection
  Global Infrastructure MFP state................ DISABLED (*all infrastructure settings are overridden)
  AP Impersonation detection..................... Disabled
  Controller Time Source Valid................... False

                                    WLAN       Client
WLAN ID  WLAN Name                  Status     Protection
-------  -------------------------  ---------  ----------
1        Hello                      Disabled   Optional

详细的CLI链接配置:https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110101.html

最新文章

  1. js自动提示查询添加功能(不是自动补全)
  2. 基础编程-java之股神
  3. Exception&Error
  4. StringGrid 实例3: 本例功能: 1、修改 TStringGrid的默认宽与高; 2、添加行; 3、确认当前单元并赋值.
  5. EXTJS 4.2 资料 控件之btn设置可否点击
  6. linux 配置Socks5
  7. DNS加速之“智能DNS”跟“双线加速”、“CDN加速”的区别
  8. 浏览器d判断
  9. GitHub 优秀Android 开源项目
  10. css学习の第二弹—文字格式化排版
  11. oracle 表所占空间统计
  12. oracle自治事务(PRAGMA AUTONOMOUS_TRANSACTION)
  13. python抓取电影<海王>影评词云生成
  14. JMeter 线程组之Stepping Thread Group插件介绍
  15. Learning-MySQL【4】:表的操作管理和 MySQL 的约束控制
  16. Android中使用adb访问SQLite的方法
  17. 转:[你必须知道的异步编程]——异步编程模型(APM)
  18. 论文阅读:Prominent Object Detection and Recognition: A Saliency-based Pipeline
  19. JSONObject获取的值有时候不是String类型,而有时候又是String类型,怎么办呐
  20. SVN相关命令

热门文章

  1. DFT计算过程详解
  2. 解析python 生产/消费者模型实现过程
  3. Scrapy爬虫基本使用
  4. php一些实用的自制方法
  5. Axure licensee key 8~9-转
  6. bugku come_game
  7. linux安装tomcat步骤
  8. 【StarUML】时序图
  9. 什么是this指针?this的几种指向
  10. CPI和PPI,谁代表了通膨?