Reply
New Contributor
Posts: 2
Registered: ‎07-19-2013

WIPS

Hi Experts,

 

Is there any design consideration for WIPS to work , do we required any dedicated devices  to achive this with in the network .

 

Thanks

CaPTi

 

 

Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: WIPS

Hi, 

 

Its recommended to have an Airmonitor in trunk port to detect and contain the rougues. 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
New Contributor
Posts: 2
Registered: ‎07-19-2013

Re: WIPS

HI Vinod Kumar ,

 

what all are the limitation if I have no Airmonitor ,

 

Thanks

CaPTi

Aruba Employee
Posts: 26
Registered: ‎09-25-2011

Re: WIPS

Detection of rogue APs involves seeing traffic from the rogue in the air, and the correlating that information with traffic seen on the wire.

  • Prior to 6.0 - An AP or AM was needed on every VLAN for detection. Typical methodology was to trunk all local VLANs to a local AM.
  • In 6.0 - Only a single AP or AM needed to see all VLANs, and could share that information with other APs and AMs for correlation.
  • In 6.1 - The controller can have all user VLANs trunked and share information with APs and AMs.

Note that even with the changes in 6.0/6.1, you must still have an AP on the VLAN to perform wired containment.

 

Thanks

MKS
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: WIPS

AP can do a process of WIPS. However, the main use of AP is to serve the clients. so we have dedicated Airmonitors which can police the AIR and wire. we recommend to have 6: 1 AP: AM radio. 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Aruba Employee
Posts: 26
Registered: ‎09-25-2011

Re: WIPS

Yes, APs can perform standard wireless deauth and advanced tarpitting containment. But they will focus on client traffic and AMs are recommended for containment. APs are very effective at containing rogues on their home channels. They will not change channel to contain a rogue device if any users are associated.

 

Approximately 4 minutes. Every 10 seconds the AP will spend 100 ms off channel scanning for rogue devices.

 

AMs should be deployed in extremely high security environments or environments that require wireless containment.  AMs will detect attacks and rogues faster since they are dedicated to scanning channels.  AMs excel at containment and will make it a priority.  APs will prioritize client traffic over scanning or containment especially voice calls and video traffic. Because of this, AMs are recommended for customers planning to run wireless containment.  AM data is used in conjunction with AP data to determine threats.  The APs spend most of their time watching for issues on their channels while the AMs will be scanning everywhere.

 

Thanks,

MKS
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: WIPS

HI, 

 

Please refer the following forum i pasted will help you use of AM in the process of WIPS> 

 

http://community.arubanetworks.com/t5/Airheads-Expert-Day-July-18-19/Why-should-a-customer-deploy-AMs/td-p/86976

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.