06-18-2013 08:48 AM
I have a basic question.
Can Aruba IAP be used to control non-Aruba APs.
I already have a network, with non Aruba APs, in which I deployed the Aruba IAP to detect rogue APs.
But I could not find a way to add the existing APs as authorized APs. (Even after disabling the Auto Join mode and adding the AP manually, it is shown as non-active while the AP is up and distributing the network)
06-18-2013 08:59 AM
Appreciate your quick response.
Does that mean a non-Auba AP can not be configured as authorised AP in Aruba instant.
Also, Does the Rogue AP containment requires RFProtect license or something like Mobility Access Switch or some special configuration as I could not contain a test Rogue AP using wired containment and Rogue containment protections.
06-18-2013 09:07 AM
From a management perspective, IAPs can only manage IAPs.
When you refer to "authorised AP" are you referring to the ability to manage it or are you referring to taking an AP that has been flagged as a Rogue and changing its flagged status to "Neighbor" or "Authorized".
IAPs do not require any SW licensing -- all features are built-in including Rogue detection and containment. The IAP can do containment on its own; however, if you are using it with a Mobility Access Switch (MAS) the MAS can also do containment. The IAP will tell the MAS the BSSID (MAC) of the Rogue then the MAS will disable the port and PoE where the Rogue is connected (on access port) or blacklist the MAC of the Rogue plus any clients connected to the Rogue (on Trunk ports).
06-18-2013 09:14 AM
When I refer to authorized APs, I am referring to taking an AP that has been flagged as a Rogue and changing its flagged status to "Neighbor" or "Authorized". How can that be done.
Also, I could not contain a test rogue AP. The clients were still able to connect to it. am I missing something..?
06-18-2013 03:17 PM
In IAP the classification cannot be changed like it can in our controller-based solutions.
Clients cannot be prevented from connected to a Rogue AP. Once they connect we can deauthenticate them. We can also present a 'Tarpit' which is a fake copy of the Rogue. Hopefully the client drivers will find the Tarpit more attactive that the Rogue and stay connected to the Tarpit. See the attached screen capture.
06-19-2013 08:42 AM
Thanks for clarifying my doubts Marcus.
+If classification can not be changed, is there a way that a Non Aruba AP is not classified as Rogue in firat place..
+ If clients can not be stopped from conencting to Rogue AP, How can I make sure that the AP that has been classified as Rogue as contained, when Rogue containment and Wired Containment is on..?
06-19-2013 09:39 AM
Be sure you enable Infrastructure protection in case you have not already which is required to enable containment. Also, enable Client Protection which enables "Protect Valid Station". If a client connects to a Rogue this Deauth's the client off the Rogue.
Lastly, take a look at the IAP CLI reference guide for several commands that can help troubleshoot containment.