Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5.0 and later.
The "rogue-ap-aware" option in the ARM profile allows the AP to change its channel to the rogue's channel to enable containment, but only if "rogue-containment" is enabled.
The purpose of the feature is to provide effective containment in the AP mode. The AP spends very little time on other channels, so if a rogue that needs to be contained is on a different channel, containment would be difficult with regular scanning. If the AP moves to the rogue's channel, containment is very effective.
However, if the AP already has clients associated to it, it does not change to the rogue's channel if the "client-aware" knob is enabled.
Examples
- The Aruba AP is in channel 1 and the rogue is in channel 6. The Aruba AP moves to channel 6.
- The Aruba AP is on channel 1, one rogue is on channel 1, and another rogue on channel 6. The Aruba AP stays on channel 1 where it can contain the rogue on channel 1 more effectively. The AP attempts to contain the rogue on channel 6 also during scanning, but it is not very effective.
When the AP moves to the rogue channel, it services clients on that channel.
The ARM rogue-ap-aware parameter is used for ARM configuration.
If the rogue-ap-aware ARM option is disabled, an AP contains a rogue only when the rogue AP is on the same channel used by the monitoring AP. If the option is enabled, the AP switches to the channel that the rogue is on and contains it by continually sending deauths. The ARM option assignment must be enabled. (Be warned that the ARM options client-aware, voice-aware, and ps-aware have priority over rogue-ap-aware. If scanning is paused for them, the AP does not switch channels to the channel that the rogue is on to contain it.). This channel switching is also limited to the valid-channel settings from the AP regulatory-domain, that is, if only channels 1, 6, and 11 are permitted in regulatory-domain, the AP does not switch to channel 8 even it a rogue AP is detected. Also, if a rogue AP is already on the channel that the AP is on, the AP does not switch to another channel where another rogue might reside.
ArubaOS 2.x
To enable or disable rogue-ap-aware, enter this command:
(Aruba) (sap-config location x.y.z) #arm rogue-ap-aware enable
(Aruba) (sap-config location x.y.z) #arm rogue-ap-aware disable
ArubaOS 3.x
To enable or disable rogue-ap-aware, enter this command:
(Aruba) (Adaptive Radio Management (ARM) profile "default") # rogue-ap-aware
(Aruba) (Adaptive Radio Management (ARM) profile "default") # no rogue-ap-aware