Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
34915
Views
0
Helpful
4
Replies

client exclusion of WLC

Go to solution
frankieng
Level 1
Level 1

‎06-23-2014 11:11 AM - edited ‎07-05-2021 01:04 AM

Hi

I would like to ask that is wireless client MAC address has been assgin to Excluded Clients, does the WLC will ignore the "auth request" during the exclustion period?

Frankie

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
abwahid
Level 4
Level 4

‎07-22-2014 07:30 PM

Hi,

Yes WLC will ignore the auth request as per exclusion policy you set.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Saurav Lodh
Level 7
Level 7

‎07-09-2014 04:33 AM

Configuring Client Exclusion Policies (GUI)

    Step 1   Choose Security > Wireless Protection Policies > Client Exclusion Policies to open the Client Exclusion Policies page.
    Step 2   Select any of these check boxes if you want the controller to exclude clients for the condition specified. The default value for each exclusion policy is enabled.
    • Excessive 802.11 Association Failures—Clients are excluded on the sixth 802.11 association attempt, after five consecutive failures.
    • Excessive 802.11 Authentication Failures—Clients are excluded on the sixth 802.11 authentication attempt, after five consecutive failures.

    • Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.

    • IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
    • Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

    Issue the below command to see the time left when the client is excluded. default time is set to 60 sec. 

    show exclusionlist

    Information similar to the following appears:

    
            
          
Dynamically Disabled Clients
----------------------------
  MAC Address             Exclusion Reason        Time Remaining (in secs)
  -----------             ----------------        ------------------------

00:40:96:b4:82:55         802.1X Failure          	51
    0 Helpful

    Go to solution
    gabriel.lima.caitano
    Level 1
    Level 1
    In response to Saurav Lodh

    ‎11-07-2023 05:35 AM

    Hello, are these values default settings? For instance, can I change them? Can I, for example, change the 'Excessive 802.1X Authentication Failures' to 5 instead of 4?

    0 Helpful

    Go to solution
    abwahid
    Level 4
    Level 4

    ‎07-22-2014 07:30 PM

    Hi,

    Yes WLC will ignore the auth request as per exclusion policy you set.

     

    0 Helpful

    Go to solution
    George Stefanick
    VIP Alumni
    VIP Alumni

    ‎07-23-2014 09:37 AM

    Actually, I think it ignores the probes, not the AUTHs. Going off memory .. 

    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ___________________________________________________________
    0 Helpful
    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents
    Review Cisco Networking products for a $25 gift card