Controller Based WLANs

How to configure Aruba controller to detect a hotspot broadcasting its WLAN and manually contain it?

Requirement:

Requirement:

1. Aruba Controller running minimum AOS: 6.0 and above

2. RF Protect License.



Solution:

 

This Article describes about how to configure Aruba controller to detect a hotspot broadcasting the WLAN on the Controller and Manually contain it. We already have an alternate option called "Protect-SSID" which restricts the SSID to be broadcasted only by VALID APs. This feature allow to auto contain the adhoc/ hotsport source device. 

But the option specified in this article allows us to optimize the detection of the hospot/ adhoc network that duplicates the WLAN network on the controller and manually contain it.

 

 



Configuration:

Syntax:

(Aruba-Master7240) (config) #ids ap-classification-rule <Rule-Name>

 

ssid                                        :     SSID to be matched or excluded

check-min-discovered-aps:     Check for Min of Discovered AP Count

classify-to-type                    :     Specify the type that AP should be classified as if it matches rule

conf-level-incr                      :     Increase in conf level percentage on matching rule

discovered-ap-cnt               :     Discovered APs Count

match-ssids                          :     Operation on SSIDs:  is to match or not match

snr-max                                :     Maximum SNR Value

snr-min                                 :     Minimum SNR Value

 

Example:

ids ap-classification-rule "Hotspot-Rogue"

   ssid "GC-WIFI"

   snr-min 60

The created rule should be matched to the ids ap-rule matching profile

ids ap-rule-matching

   rule-name "Hotspot-Rogue"

 



Verification

 

The above specified rule say that if there is any invalid device broadcasting the SSID "Guest_WIFI" and if it is seen by the Aruba APs registered on the controller with a minimum SNR of 60dB and above, it is reported as "suspected-rouge" on the controller.

Now we can select the device that is detected to be broadcasting the WLAN of Aruba and we can manually contain it.

To view the list of invalid device broadcasting the WLAN on the controller use the following command

(Aruba) #show wms ap list

To Manually contain the invalid device use the following command

(Aruba) #wms ap <bssid-of-invalid-device> mode rogue

Logs on External Server:

No special logs need to be enabled on the controller to get the information about IDS. To forward the logs to an external syslog server we could use the following command

(Aruba) #configure terminal

(Aruba) (config) #logging <ip of sys-server>

 

To know more about the available options for sys log server please refer the below link

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-syslog-setting-on-Aruba-Controllers/ta-p/185690

 

 

Version history
Revision #:
3 of 3
Last update:
‎05-28-2016 01:33 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.