Question: What are the factors by which a controller differentiates between a suspected-rogue AP and Rogue-AP?
When the AM is doing classification, the MAC address has to match the entire GW MAC to classify as a rogue.If it matches only the OUI of the GW MAC, it is classified as a suspected-rogue. There is a component of the rogue classification that looks at MAC OUI: when doing classification on a tagged vlan which is trunked to an Aruba AM, the MAC OUI of the tagged vlan gateway has to be the same as the MAC OUI of the AM’s native gateway in order for the AM to recognize a MAC address that it sees on the tagged vlan as a gateway MAC. Once it knows the gateway MAC of the tagged vlan, it will try to match that entire GW MAC to classify as a rogue, or it will match just the OUI of that GW MAC for a suspected-rogue classification. If the MAC OUI of the tagged vlan gateway was not the same as the MAC OUI of the AM’s native gateway (i.e., if Rogue's GW and Aruba AM's GW-ADDR are different vendors). Aruba would not be able to discover the GW MAC of the tagged vlan.There's a workaround if any deployment has run into such a situation. It is to add the tagged vlan gateway MAC to the Valid Wired MACs list. After doing this, Aruba controller will take that MAC address in the Valid Wired MACs list, and try to match that entire MAC for a rogue classification, just the OUI of that MAC for a suspected-rogue classification.Some useful commands to validate the Rogue Vs Suspected-rogue scenarios:(Aruba) (config) #show ids general-profile <profile-name>(Aruba) (config) #show ap active(Aruba) (config) #show ap monitor ap-list ap-name <ap-name>(Aruba) (config) #show ap arm history ap-name <ap-name>(Aruba) (config) #show ap monitor containment-info ap-name <ap-name>(Aruba) (config) #show wms rogue-ap <bssid>(Aruba) (config) #show ap monitor stats ap-name <ap-name> mac <mac-addr>
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.