Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 7
Registered: ‎06-18-2013

Adding Non Aruba APs as authorized APs.

I have a basic question. 

Can Aruba IAP be used to control non-Aruba APs.

I already have a network, with non Aruba APs, in which I deployed the Aruba IAP to detect rogue APs.

But I could not find a way to add the existing APs as authorized APs. (Even after disabling the Auto Join mode and adding the AP manually, it is shown as non-active while the AP is up and distributing the network) 

 

Thanks

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Non Aruba APs as authorized APs.

IAPs can only manage other IAPs.  

 

An IAP, however, can detect and quarantine Rogue Access points.

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2013

Re: Adding Non Aruba APs as authorized APs.

Thanks AirHeads. 

Appreciate your quick response. 

 

Does that mean a non-Auba AP can not be configured as authorised AP in Aruba instant. 

Also, Does the Rogue AP containment requires RFProtect license or something like Mobility Access Switch or some special configuration as I could not contain a test Rogue AP using wired containment and Rogue containment protections.

 

Thanks.

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Non Aruba APs as authorized APs.

From a management perspective, IAPs can only manage IAPs.

 

When you refer to "authorised AP" are you referring to the ability to manage it or are you referring to taking an AP that has been flagged as a Rogue and changing its flagged status to "Neighbor" or "Authorized".

 

IAPs do not require any SW licensing -- all features are built-in including Rogue detection and containment.  The IAP can do containment on its own; however, if you are using it with a Mobility Access Switch (MAS) the MAS can also do containment.  The IAP will tell the MAS the BSSID (MAC) of the Rogue then the MAS will disable the port and PoE where the Rogue is connected (on access port) or blacklist the MAC of the Rogue plus any clients connected to the Rogue (on Trunk ports).

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2013

Re: Adding Non Aruba APs as authorized APs.

 

When I refer to authorized APs, I am referring to taking an AP that has been flagged as a Rogue and changing its flagged status to "Neighbor" or "Authorized". How can that be done. 

 

Also, I could not contain a test rogue AP. The clients were still able to connect to it. am I missing something..?

 

Thanks.

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Non Aruba APs as authorized APs.

In IAP the classification cannot be changed like it can in our controller-based solutions.

 

Clients cannot be prevented from connected to a Rogue AP.  Once they connect we can deauthenticate them.  We can also present a 'Tarpit' which is a fake copy of the Rogue.  Hopefully the client drivers will find the Tarpit more attactive that the Rogue and stay connected to the Tarpit.  See the attached screen capture.

 

rogue.jpg

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2013

Re: Adding Non Aruba APs as authorized APs.

Thanks for clarifying my doubts Marcus.

 

+If classification can not be changed, is there a way that a Non Aruba AP is not classified as Rogue in firat place..

 

+ If clients can not be stopped from conencting to Rogue AP, How can I make sure that the AP that has been classified as Rogue as contained, when Rogue containment and Wired Containment is on..?

 

Thanks,
Atul

 

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Non Aruba APs as authorized APs.

Be sure you enable Infrastructure protection in case you have not already which is required to enable containment. Also, enable Client Protection which enables "Protect Valid Station".  If a client connects to a Rogue this Deauth's the client off the Rogue.

 

Lastly, take a look at the IAP CLI reference guide for several commands that can help troubleshoot containment.

 

rogue1.jpg

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2013

Re: Adding Non Aruba APs as authorized APs.

What can I do to make non Aruba AP authorised i.e it is not classified as Rogue AP?

 

Thanks

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: Adding Non Aruba APs as authorized APs.

In IAP the Rogue AP classification cannot be changed like it can in our controller-based solutions.

Search Airheads
Showing results for 
Search instead for 
Did you mean: