Controller Based WLANs

How to Make the AP learn the Gateway mac if it is HSRP/VRRP

Aruba Employee
Q:

How to Make the Ap learn the Gateway mac if it is HSRP/VRRP



A:

Design

 

By default we ignore gateway MAC’s with VRRP or HSRP addresses and because of which we may end up detecting the AP as a suspect  rogue with 20% (matched just on Ethernet MAC).

 

Reason

 

 

If you have two enterprises class companies in the same location it is very possible that they would be using Cisco HSRP or VRRP as the router address, so it is very possible for us to incorrectly determine an AP is a rogue if the customer next door just happens to have a HSRP interface - which happens to match your own

 

To be done

 

We have to enable the following option in IDS for the Ap to learn he gateway if it’s configured as HSRP

ids unauthorized-device-profile "default"

   allow-well-known-mac hsrp

Version history
Revision #:
2 of 2
Last update:
‎06-01-2015 11:47 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.