Dell PowerConnect W-Airwave Configuration Manual page 64

Table 9 Aruba Configuration > WLANs > Advanced Page Fields (Continued)
Field
HA Discovery on
Association
DoS Prevention
Station Blacklisting
Blacklist Time
Authentication
Failure Blacklist
Time
Fast Roaming
Strict Compliance
VLAN Mobility
64 | Aruba Configuration Reference
Default Description
No Enable or disable HA discovery on Association. In normal circumstances a
controller performs an HA discovery only when it is aware of the client's IP
address which it learns through the ARP or any L3 packet from the client.
This limitation of learning the client's IP and then performing the HA
discovery is not effective when the client performs an inter switch move
silently (does not send any data packet when in power save mode). This
behavior is commonly seen with various handheld devices, Wi-Fi phones,
etc. This delays HA discovery and eventually resulting in loss of
downstream traffic if any meant for the mobile client.
With HA discovery on association, a controller can perform a HA discovery
as soon as the client is associated. This feature can be enabled using the
ha-disc-on assoc parameter in the WLAN virtual <ap-profile>
command. By default, this feature is disabled. You can enable this on
virtual APs with devices in power-save mode and requiring mobility. This
option will also poll for all potential HAs.
No Enable or disable DoS prevention functions, as defined in virtual AP
profiles.
Yes Enable or disable DoS prevention functions, as defined in virtual AP
profiles. The blacklisting option can be used to prevent access to clients
that are attempting to breach the security.
When a client is blacklisted in the Aruba system, the client is not allowed to
associate with any AP in the network for a specified amount of time. If a
client is connected to the network when it is blacklisted, a de-
authentication message is sent to force the client to disconnect. While
blacklisted, the client cannot associate with another SSID in the network.
3600 If station blacklisting is enabled, specify the time in seconds for which
blacklisting is enabled. When a client is blacklisted in the Aruba system,
the client is not allowed to associate with any AP in the network for a
specified amount of time.
3600 You can configure a maximum authentication failure threshold in seconds
for each of the following authentication methods:
802.1x
MAC
Captive portal
VPN
When a client exceeds the configured threshold for one of the above
methods, the client is automatically
blacklisted by the controller, an event is logged, and an SNMP trap is sent.
By default, the maximum authentication failure threshold is set to 0 for the
above authentication methods, which means that there is no limit to the
number of times a client can attempt to authenticate.
With 802.1x authentication, you can also configure blacklisting of clients
who fail machine authentication.
NOTE: This requires that the External Services Interface (ESI) license be
installed in the controller.
NOTE: When clients are blacklisted because they exceed the
authentication failure threshold, they are blacklisted indefinitely by default.
You can configure the duration of the blacklisting;
No Fast roaming is a component of virtual AP profiles in which client devices
are allowed to roam from one access point to another without requiring
reauthentication by the main RADIUS server.
No Define whether clients should have strict adherence to settings on this
page for network access.
No Define whether clients in the WLAN and VLAN should have mobility or
roaming privileges.
AirWave Wireless Management Suite | Configuration Guide