Controller Based WLANs

What Does Protect SSID Setting Accomplish?

Aruba Employee

There is a setting in the IDS Unauthorized Device profile called ‘protect ssid.’  It can be configured as follows:

(MC-01) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(MC-01) (config) #ids unauthorized-device-profile default
(MC-01) (IDS Unauthorized Device Profile "default") #?
protect-ssid                      Enable/disable use of SSID by only valid Aps
valid-and-protected-ssid      Configure valid and protected SSID

(MC-01) (IDS Unauthorized Device Profile "default") #valid-and-protected-ssid ?
<ssid>                  SSID

(MC-01) (IDS Unauthorized Device Profile "default") #valid-and-protected-ssid test

(MC-01) (IDS Unauthorized Device Profile "default") #protect-ssid


Behavior When Protect SSID Setting is Enabled

If enabled, this tells the APs/Controller to not let any 3rd party AP (or interfering AP) to broadcast the SSID that is configured in the "valid-and-protected-ssid" of the IDS unauthorized device profile.  This means that an Aruba AP with SSID test (as configured above) will attempt to contain any non-valid AP that is advertising SSID test.

The AP does the containment by sending deauths to anything trying to associate to it (by spoofing the AP's bssid) and it should be sending deauths to the AP (by spoofing the wireless client mac address that was trying to associate to it).

Note:  This setting should be used very carefully as it prevents station associations.

Version history
Revision #:
1 of 1
Last update:
‎07-05-2014 04:22 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.