1. Aruba controller running AOS 6.0 or later.
2. RF Protect License.
This article describes how to configure an Aruba controller to detect a hotspot that broadcasts the controller's WLAN and to contain it manually. An alternate option, "Protect-SSID", already exists: it restricts the SSID so that only VALID APs may broadcast it. That feature auto-contains the ad hoc/hotspot source device.
The option described in this article instead lets us optimize detection of a hotspot/ad hoc network that duplicates the WLAN on the controller, and then contain it manually.
(Aruba-Master7240) (config) #ids ap-classification-rule <Rule-Name>
ssid : SSID to be matched or excluded
check-min-discovered-aps: Check for Min of Discovered AP Count
classify-to-type : Specify the type that AP should be classified as if it matches rule
conf-level-incr : Increase in conf level percentage on matching rule
discovered-ap-cnt : Discovered APs Count
match-ssids : Operation on SSIDs: is to match or not match
snr-max : Maximum SNR Value
snr-min : Minimum SNR Value
ids ap-classification-rule "Hotspot-Rogue"
The created rule must then be added to the ids ap-rule matching profile.
The rule specified above says that if any invalid device broadcasts the SSID "Guest_WIFI" and is seen by the Aruba APs registered on the controller with an SNR of 60dB or above, it is reported as "suspected-rogue" on the controller.
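The rule and profile binding described above, written out as an added example rather than the original article's own listing. The SSID, SNR threshold and classification come from the description above; the `ids ap-rule-matching` / `rule-name` binding and the `!` separators are assumptions about the syntax on your AOS release, so check them with `?` at the CLI before applying.

```text
! Added example: reconstructed from the article's description, not its original listing.
! Classify any non-valid AP advertising the corporate guest SSID at close range.
ids ap-classification-rule "Hotspot-Rogue"
   ssid "Guest_WIFI"
   snr-min 60
   classify-to-type suspected-rogue
!
! Assumed binding syntax: attach the rule to the AP rule-matching profile,
! otherwise the rule exists but is never evaluated.
ids ap-rule-matching
   rule-name "Hotspot-Rogue"
!
```

A high `snr-min` keeps the rule from flagging distant neighbours that happen to reuse the SSID name; lowering it widens detection at the cost of more devices to review before manual containment.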
Now we can select the device that was detected broadcasting the Aruba WLAN and contain it manually.
To view the list of invalid devices broadcasting the WLAN on the controller, use the following command:
(Aruba) #show wms ap list
To manually contain the invalid device, use the following command:
(Aruba) #wms ap <bssid-of-invalid-device> mode rogue
Logs on an external server:
No special logging needs to be enabled on the controller to get IDS information. To forward the logs to an external syslog server, use the following commands:
(Aruba) #configure terminal
(Aruba) (config) #logging <ip of sys-server>
To learn more about the available syslog server options, please refer to the link below.