Aruba Instant & Cloud Wi-Fi

MVP
Posts: 702
Registered: ‎12-01-2010

iAP "preferred master" question

I started reading the iAP VRD and got to page 15 before a question occurred to me.

(some background: I'm also on the security team, and tend to think like a hacker)

If I have a cluster of iAP at a location and a bad-guy wanted to hijack my WLAN, would connecting a maliciously configured iAP with the preferred-master box checked effectively hijack my cluster if I haven't checked that box?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: iAP "preferred master" question

Yes, if he has access to the IAP management VLAN.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 702
Registered: ‎12-01-2010

Re: iAP "preferred master" question

Joy.

Of course I protect access to that VLAN so it'll be hard to get access. The most likely scenario would be to pull down one of my iAP and plug in his own.

If I don't allow new iAP to auto-join, will the bad-guy's iAP just form its own cluster and leave mine alone?

Also, I set Airwave management in DHCP, will that allow me to hijack bad-guy's iAP?

--Matthew

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: iAP "preferred master" question

This is why edge network security is important :)

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: iAP "preferred master" question

You would have to accept the attacker's AP in the New AP list for that to happen. Only whitelisted APs are automatically managed by Airwave.

Colin Joseph
Aruba Customer Engineering

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: iAP "preferred master" question

Authenticating your edge network would prevent someone from pulling one down and getting on.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP