WLC exclusionlist

最新推荐文章于 2021-08-10 00:38:13 发布

weixin_30553065

最新推荐文章于 2021-08-10 00:38:13 发布

阅读量144

点赞数

原文链接：http://www.cnblogs.com/MomentsLee/p/10570151.html

版权

Configuring Client Exclusion

Configuring Client Exclusion Policies (GUI)

Step 1

Choose Security > Wireless Protection Policies > Client Exclusion Policies to open the Client Exclusion Policies page.

Step 2

Select any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.

Excessive 802.11 Association Failures—Clients are excluded on the sixth 802.11 association attempt, after five consecutive failures.
Excessive 802.11 Authentication Failures—Clients are excluded on the sixth 802.11 authentication attempt, after five consecutive failures.
Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.
IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

Issue the below command to see the time left when the client is excluded. default time is set to 60 sec.

show exclusionlist （我们可以通过show wps summary去查看开启了哪些exclusion policy）

Information similar to the following appears:

(Cisco Controller) >show exclusionlist

Dynamically Disabled Clients
----------------------------
MAC Address Exclusion Reason Time Remaining (in secs)
----------- ---------------- ------------------------

00:40:96:b4:82:55 802.1X Failure 51

(Cisco Controller) >show wps summary

Auto-Immune
Auto-Immune.................................... Disabled
Auto-Immune by aWIPS Prevention................ Disabled

Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Maximum 802.1x-AAA failure attempts............ 3

Signature Policy
Signature Processing........................... Enabled

Management Frame Protection
Global Infrastructure MFP state................ DISABLED (*all infrastructure settings are overridden)
AP Impersonation detection..................... Disabled
Controller Time Source Valid................... False

WLAN Client
WLAN ID WLAN Name Status Protection
------- ------------------------- --------- ----------
1 Hello Disabled Optional

详细的CLI链接配置：https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110101.html

转载于:https://www.cnblogs.com/MomentsLee/p/10570151.html

weixin_30553065

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
WLC exclusionlist

Configuring Client ExclusionConfiguring Client Exclusion Policies (GUI)Step1 Choose Security > Wireless Protection Policies > Client Exclusion Policies to open the Client Exclu...
复制链接

扫一扫