
Protect from Adhoc Networks Using Valid SSID
Q:

Protect from Adhoc Networks Using Valid SSID



A:

Starting with Aruba OS 8.X, the IDS feature gives WLAN administrators more granularity over protection against ad-hoc networks. Before the introduction of this feature, ad-hoc network protection applied to either none or all ad-hoc networks. With the increasing popularity of ad-hoc network usage (due to smartphones and mobile hotspots), there is a need for granularity over ad-hoc network protection. WLAN administrators can now protect Valid SSIDs while still allowing clients of their infrastructure to use ad-hoc networks.

 

Once enabled, Protection from Adhoc Networks Using Valid SSID contains the ad-hoc networks that use a valid or protected SSID so that clients cannot connect to them. This feature provides protection against WPA/WPA2/WEP/open ad-hoc networks.

 

(Aruba-MM) ^[mynode] #show ids unauthorized-device-profile <profile name>

IDS Unauthorized Device Profile "default"
-----------------------------------------
Parameter                                           Value
---------                                           -----
Protect 802.11n High Throughput Devices             false
Protect 40MHz 802.11n High Throughput Devices       false
Detect Active 802.11n Greenfield Mode               false
Detect Adhoc Networks                               false
Protect from Adhoc Networks                         false
Protect from Adhoc Networks - Enhanced              false
Detect Adhoc Network Using Valid SSID               true
Adhoc Network Using Valid SSID Quiet Time           900 sec
Protect from Adhoc Networks Using Valid SSID        false          >>>>>  New Feature introduced in 8.X
Allow Well Known MAC                                N/A
Detect Devices with an Invalid MAC OUI              false
MAC OUI detection Quiet Time                        900 sec
Detect Misconfigured AP                             false
Protect Misconfigured AP                            false
Detect Bad WEP                                      false
Privacy                                             false
Require WPA                                         false
Valid 802.11g channel for policy enforcement        N/A
Valid 802.11a channel for policy enforcement        N/A
Valid and Protected SSIDs                           N/A
Valid MAC OUIs                                      N/A
Rogue AP Classification                             true
Overlay Rogue AP Classification                     true
OUI-based Rogue AP Classification                   true
Propagated Wired MAC based Rogue AP Classification  true
Rogue Containment                                   false
Suspected Rogue Containment                         false
Suspected Rogue Containment Confidence Level        60
Detect Station Association To Rogue AP              true
Detect Unencrypted Valid Clients                    true
Unencrypted Valid Client Detection Quiet Time       900 sec
Detect Valid Client Misassociation                  true
Detect Valid SSID Misuse                            false
Protect SSID                                        false
Protect Valid Stations                              false
Valid Wired MACs                                    N/A
Detect Windows Bridge                               true
Protect Windows Bridge                              false
Detect Wireless Bridge                              false
Wireless Bridge detection Quiet Time                900 sec
Detect Wireless Hosted Network                      false
Wireless Hosted Network Quiet Time                  900 sec
Protect From Wireless Hosted Networks               false

 

Configuration:

 

(Aruba-MM) ^[mynode] (config) #ids unauthorized-device-profile Test
(Aruba-MM) ^[mynode] (IDS Unauthorized Device Profile "test") #protect-adhoc-using-valid-ssid ?
<cr>
(Aruba-MM) ^[mynode] (IDS Unauthorized Device Profile "test") #
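
Added example (not part of the original article and not Aruba code): a Python script that parses the profile output shown above and reports the ad-hoc settings relevant to this feature. The sample text is a constructed subset of that output; the function names and finding messages are assumptions of this example.

```python
import re

# Constructed sample: a subset of the "show ids unauthorized-device-profile"
# output shown above, including the trailing ">>>>>" annotation.
SAMPLE = '''\
IDS Unauthorized Device Profile "default"
-----------------------------------------
Parameter                                           Value
---------                                           -----
Detect Adhoc Networks                               false
Protect from Adhoc Networks                         false
Protect from Adhoc Networks - Enhanced              false
Detect Adhoc Network Using Valid SSID               true
Adhoc Network Using Valid SSID Quiet Time           900 sec
Protect from Adhoc Networks Using Valid SSID        false          >>>>>  New Feature introduced in 8.X
Valid and Protected SSIDs                           N/A
'''

# A data row is "<name><two or more spaces><value>"; titles and rules do not match.
ROW = re.compile(r"^(?P<name>\S.*?)\s{2,}(?P<value>\S.*?)\s*$")

def parse_profile(text):
    """Return {parameter: value} from the two-column profile table."""
    params = {}
    for line in text.splitlines():
        line = line.split(">>>>>")[0]  # drop inline annotations
        m = ROW.match(line)
        if not m or m["name"] in ("Parameter", "---------"):
            continue
        params[m["name"]] = m["value"]
    return params

def audit_adhoc(params):
    """Flag ad-hoc settings that miss or defeat valid-SSID-only protection."""
    on = lambda key: params.get(key, "").lower() == "true"
    findings = []
    if not on("Detect Adhoc Network Using Valid SSID"):
        findings.append("valid-SSID ad-hoc detection is off")
    if not on("Protect from Adhoc Networks Using Valid SSID"):
        findings.append("ad-hoc networks using a valid SSID are not contained")
    # Assumption: "Protect from Adhoc Networks" is the all-or-nothing
    # protection the article says existed before this feature.
    if on("Protect from Adhoc Networks"):
        findings.append("blanket protection is on; all ad-hoc networks are contained")
    return findings

if __name__ == "__main__":
    for finding in audit_adhoc(parse_profile(SAMPLE)):
        print(finding)
```
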
Comments
Upstanding_Citizen

How does one allow certain ad-hoc networks that need to speak to each other, but deny any others? Whitelist?

Upstanding_Citizen

How does one determine what the Valid SSID is? If I have an Ad Hoc Network that I want to allow, while denying others, how do I allow only that SSID?
