Controller Based WLANs

What is IP address classification feature with Aruba OS 6.5 ?
Q:

What is IP address classification feature with Aruba OS 6.5 ?



A:
  • IP classification service helps in identifying the malicious IP addresses and the origin. 
  • This feature once enabled will cause all L3 traffic to be classified. All the sessions shall be classified with reputation (either malicious or clean) and geolocation (as originating from a specific location, which can be either country or more specific city) information. 
  • When a new session is received, the source and destination IP addresses are fetched and table lookup is done for both the IP addresses to get the reputation/location information of these IP addresses. 
  • Aruba Networks is partnering with Brightcloud to get the IP reputation and geolocation database. These databases are updated frequently through periodic sync from the servers through SSL (aruba.brightcloud.com)
  • The IP reputation database contains all the current known IP addresses associated with various malicious activities. 
  • The geolocation IP database will be used to determine the geographical location of the IP address from where the traffic is received or to which the traffic is sent. 

 

Enabling IP classification enables both ip reputation and geolocation service . It’s a controller specific configuration  

CLI

(config) #firewall ip-classification

WebUI

Advanced Services > Stateful Firewall > Global Settings > Enable IP classification

 

Note: This requires Web-CC subscription license

Version History
Revision #:
2 of 2
Last update:
‎03-24-2017 07:55 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.