Occasional Contributor I

Air Monitors & Rogue AP Detection

Hello All:
I have an Aruba 6000 in a large enterprise environment. Many vlans on the wired side of the network.

I plan on deploying dedicated air monitors.

Questions:

1. If my air monitor is plugged into a vlan 5 switch access port, and somebody comes along and plugs a rogue into a vlan 10 switch access port, is the rogue going to be accurately detected/classified?

2. How do I ensure that rogues are properly detected in any of my vlans, without actually having air monitors present in each of those vlans?

Thanks in advance.
Aruba Employee

Re: Air Monitors & Rogue AP Detection

Hi Joe,

1. It will see it in the air, but it won't be able to correlate that with the wired side, so it will remain as interfering instead of being classed as rogue. If you have AirWave as well you could do some additional sophisticated rules about signal strength, number of APs seeing the rogue, etc.

2. The AMs need to see the wired traffic, so the easiest thing to do is plug them into trunk ports. You were already considering dedicated VLANs, and you can make the native VLAN the AM VLAN, but trunk the rest of the VLANs on the switch to the AP. You don't have to change what you were trying to do and you effectively get an AM on all VLANs.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor I

Thanks.

Andy,
Thanks for the input. Connecting the air monitor to a trunk was going to be my first plan of attack.
Occasional Contributor I

Re: Air Monitors & Rogue AP Detection

Hey there. What we do in our environment (since we had the same challenge) using Airwave is to also add our routers and switches in monitoring mode only. This way Airwave receives the ARP tables for IP Addressing along with the Bridge Forwarding table for vlans. We set triggers/alerts for wireless and wireline Rogue detection.
Hope this helps some.
Aruba Employee

Re: Air Monitors & Rogue AP Detection

Hi Tammy,

That's a good solution if AirWave is involved and you can monitor the router and switch tables. You'll effectively get the same thing as trunking to the APs, with AirWave handling the classification. You can then push that classification down to the controllers if you want to do automatic containment.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
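Added example, not part of the thread and not Aruba's or AirWave's classification logic: a simplified sketch of why the monitor's wired visibility decides between "interfering" and "rogue". It assumes a MAC-adjacency heuristic (the BSSID is within a small offset of the device's wired MAC); the function names, the window size and all addresses are constructed for illustration.

```python
# Constructed sample data; MACs are from the documentation range or locally administered.
AIR_BSSIDS = [
    "00:00:5e:00:53:10",  # our own AP
    "00:00:5e:00:53:a1",  # unknown AP whose wired MAC sits on VLAN 10
    "02:00:00:aa:bb:01",  # neighbour's AP, not on our wire at all
]
# (vlan, mac) rows as they might come from switch bridge forwarding tables.
WIRED_FDB = [
    (5, "00:00:5e:00:53:10"),
    (10, "00:00:5e:00:53:a0"),
    (20, "00:00:5e:00:53:77"),
]
AUTHORIZED = {"00:00:5e:00:53:10"}


def mac_to_int(mac):
    """Convert a MAC in colon, dash or dot notation to an integer."""
    return int(mac.replace(":", "").replace("-", "").replace(".", ""), 16)


def classify(air_bssids, wired_fdb, monitored_vlans, authorized, window=2):
    """Return {bssid: (label, vlan)} for each BSSID heard over the air.

    Only forwarding-table rows from VLANs the monitor can see are used,
    which models an access port (one VLAN) versus a trunk (many VLANs).
    The adjacency window is an assumption made for this example.
    """
    visible = [(v, mac_to_int(m)) for v, m in wired_fdb if v in monitored_vlans]
    known = {a.lower() for a in authorized}
    result = {}
    for bssid in air_bssids:
        if bssid.lower() in known:
            result[bssid] = ("valid", None)
            continue
        b = mac_to_int(bssid)
        vlan = next((v for v, m in visible if abs(m - b) <= window), None)
        # Wired match -> rogue on our network; no match -> only seen in the air.
        result[bssid] = ("rogue", vlan) if vlan is not None else ("interfering", None)
    return result


if __name__ == "__main__":
    for name, vlans in (("access port, VLAN 5 only", {5}), ("trunk, VLANs 5/10/20", {5, 10, 20})):
        print(name)
        for bssid, verdict in classify(AIR_BSSIDS, WIRED_FDB, vlans, AUTHORIZED).items():
            print("  ", bssid, verdict)
```

Feeding the function forwarding tables collected from switches, as in the AirWave approach described above, has the same effect as widening `monitored_vlans`.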