Imagine the situation. You're in a customer meeting updating them on the latest and greatest from Aruba. With nothing more than a RAP3 and an internet connection you have the power of the full Aruba Clearpass suite ready and poised for demo.
I connect the RAP3 to the customer's wired internet line, we wait a few minutes, for it to connect and bring up the VPN to our remote demo, it's not looking good. A PIX firewall is suspected and there isn't time to fix it right away.
Not to worry, there's a good guest wireless service being offered from the existing Aruba wireless system. I know that NATT is allowed out as my VIA client is working across it, so I'll connect to that then bridge this through my laptop's wired port to the RAP3. All is looking good, until I get disconnected from the guest wifi?????
OK, I am not going to be defeated, and am determined to show something to the customer. They have a number of smaller branch offices that would be well served with Instant. A quick prod with a paperclip and the RAP3 is reset to Instant mode, another reboot and we'll be in business. I see the Instant SSID and connect from my iPad, open the Instant GUI, and it is terribly slow/unresponsive. Today is not my lucky day!
What actually happened here?
The customer has an excellently deployed and configured Aruba controller based wireless system. Although much of it is based on legacy controllers and APs, it immediately:
Detected an attempt to bridge wireless to wired on the guest network and blocked this
Detected a rogue AP connected to the wired infrastructure (the RAP3 in Instant mode) and blocked my iPad client from sending traffic to it.
Reviewing the logs on the controller we were able to see all of this and identify the rogue client as an iPad on SSID Instant.
An excellent and unintended demo of the comprehensive security features available on Aruba equipment, which although configured, the customer had never seen in action.
Suffice to say, I'll be back to this customer forearmed and ready to demo again.
Hope you enjoyed this story
regards
Neil