Protect from Adhoc Networks Using Valid SSID
Starting with Aruba OS 8.X, the IDS feature gives WLAN administrators more granularity over protection against ad-hoc networks. Before this feature was introduced, ad-hoc network protection applied either to no ad-hoc networks or to all of them. With the increasing popularity of ad-hoc networks (due to smartphones and mobile hotspots), there is a need for granularity over ad-hoc network protection. WLAN administrators can now protect valid SSIDs while still allowing clients of their infrastructure to use ad-hoc networks.
Once enabled, protection from ad-hoc networks using a valid SSID contains the ad-hoc networks that use a valid or protected SSID so that clients cannot connect to them. This feature provides protection against WPA/WPA2/WEP/open ad-hoc networks.
(Aruba-MM) ^[mynode] #show ids unauthorized-device-profile <profile name>

IDS Unauthorized Device Profile "default"
-----------------------------------------
Parameter                                           Value
---------                                           -----
Protect 802.11n High Throughput Devices             false
Protect 40MHz 802.11n High Throughput Devices       false
Detect Active 802.11n Greenfield Mode               false
Detect Adhoc Networks                               false
Protect from Adhoc Networks                         false
Protect from Adhoc Networks - Enhanced              false
Detect Adhoc Network Using Valid SSID               true
Adhoc Network Using Valid SSID Quiet Time           900 sec
Protect from Adhoc Networks Using Valid SSID        false   >>>>> New Feature introduced in 8.X
Allow Well Known MAC                                N/A
Detect Devices with an Invalid MAC OUI              false
MAC OUI detection Quiet Time                        900 sec
Detect Misconfigured AP                             false
Protect Misconfigured AP                            false
Detect Bad WEP                                      false
Privacy                                             false
Require WPA                                         false
Valid 802.11g channel for policy enforcement        N/A
Valid 802.11a channel for policy enforcement        N/A
Valid and Protected SSIDs                           N/A
Valid MAC OUIs                                      N/A
Rogue AP Classification                             true
Overlay Rogue AP Classification                     true
OUI-based Rogue AP Classification                   true
Propagated Wired MAC based Rogue AP Classification  true
Rogue Containment                                   false
Suspected Rogue Containment                         false
Suspected Rogue Containment Confidence Level        60
Detect Station Association To Rogue AP              true
Detect Unencrypted Valid Clients                    true
Unencrypted Valid Client Detection Quiet Time       900 sec
Detect Valid Client Misassociation                  true
Detect Valid SSID Misuse                            false
Protect SSID                                        false
Protect Valid Stations                              false
Valid Wired MACs                                    N/A
Detect Windows Bridge                               true
Protect Windows Bridge                              false
Detect Wireless Bridge                              false
Wireless Bridge detection Quiet Time                900 sec
Detect Wireless Hosted Network                      false
Wireless Hosted Network Quiet Time                  900 sec
Protect From Wireless Hosted Networks               false

(Aruba-MM) ^[mynode] (config) #ids unauthorized-device-profile Test
(Aruba-MM) ^[mynode] (IDS Unauthorized Device Profile "test") #protect-adhoc-using-valid-ssid ?
<cr>
(Aruba-MM) ^[mynode] (IDS Unauthorized Device Profile "test") #
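
To audit which of the three scopes described above (no ad-hoc containment, all ad-hoc networks, or only those using a valid SSID) a profile is in, the following Python script parses saved "show ids unauthorized-device-profile" output. It is an added example, not part of the original article or of Aruba's tooling. The sample output is constructed, the function names and the "none" / "all" / "valid-ssid-only" labels are assumptions, and it assumes the name and value columns are separated by two or more spaces.

```python
import re

# Constructed sample: a subset of the profile parameters listed in the article,
# with "Protect from Adhoc Networks Using Valid SSID" switched on.
SAMPLE = """\
IDS Unauthorized Device Profile "test"
--------------------------------------
Parameter                                     Value
---------                                     -----
Detect Adhoc Networks                         false
Protect from Adhoc Networks                   false
Protect from Adhoc Networks - Enhanced        false
Detect Adhoc Network Using Valid SSID         true
Adhoc Network Using Valid SSID Quiet Time     900 sec
Protect from Adhoc Networks Using Valid SSID  true
"""

# Parameter names contain single spaces; the value column starts after 2+ spaces.
ROW = re.compile(r"^(?P<name>\S.*?)\s{2,}(?P<value>\S.*?)\s*$")

def parse_profile(text):
    """Return {parameter: value} from the two-column CLI table."""
    params = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or set(m["name"]) <= {"-"} or m["name"] == "Parameter":
            continue  # title, separator and header rows carry no setting
        # Drop trailing annotations such as ">>>>> New Feature introduced in 8.X".
        params[m["name"]] = m["value"].split(">>>>>")[0].strip()
    return params

def adhoc_protection_mode(params):
    """Classify the ad-hoc containment scope of a parsed profile."""
    def on(key):
        return params.get(key, "false").lower() == "true"
    # Blanket protection contains every ad-hoc network (the pre-8.X choice).
    if on("Protect from Adhoc Networks") or on("Protect from Adhoc Networks - Enhanced"):
        return "all"
    # Granular protection: only ad-hoc networks using a valid SSID are contained.
    if on("Protect from Adhoc Networks Using Valid SSID"):
        return "valid-ssid-only"
    return "none"

if __name__ == "__main__":
    print(adhoc_protection_mode(parse_profile(SAMPLE)))
```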