Controller-less WLANs

What are the various Intrusion Detection and Protection methods supported by Instant APs managed by Aruba Central, and how do you configure them?

by on ‎07-03-2014 08:25 PM

This article explains:

  • The different WIDS and WIPS features supported through Aruba Central dashboard.
  • Configuration of these features through the Central dashboard.

You can configure the following options under WIDS/WIPS for an IAP through the Central dashboard:

 

Intrusion Detection:

  • Infrastructure Detection Policies— Specifies the policy for detecting wireless attacks on access points
  • Client Detection Policies— Specifies the policy for detecting wireless attacks on clients

The following levels of INTRUSION DETECTION can be configured in the Wireless IDS/IPS page on the Central dashboard:

  • Off
  • Low
  • Medium
  • High
  • Custom

Intrusion Prevention:

  • Infrastructure Protection Policies— Specifies the policy for protecting access points from wireless attacks.
  • Client Protection Policies— Specifies the policy for protecting clients from wireless attacks.
  • Containment Methods— Prevents unauthorized stations from connecting to your Instant network.


The following levels of INTRUSION PROTECTION can be configured in the Wireless IDS/IPS page on the Central dashboard:

  • Off
  • Low
  • High
  • Custom

Note: Please refer to the Instant User Guide for the detailed list of default policies supported under each level.

 

Environment: This article applies to all Instant Access Points running Aruba Instant OS version 6.2.1.0-3.3.0.0 or above and managed by Aruba Central.

 

Configuring Intrusion Detection on Aruba Central:

  1. Navigate to Configuration > Network
  2. Choose the group in which the configuration needs to be applied.
  3. Click Wireless IDS/IPS
  4. Click “Detection”.
  5. Choose the threat detection level for infrastructure and for clients. You can also choose the “Custom” option to specify a custom-defined detection policy.
  6. Click “Save Settings” at the bottom of the page.

The following screenshot shows the above configuration. In this screenshot, the Infrastructure detection policy level is set to ‘Medium’ and the Client detection policy level is set to ‘High’ and all the associated policies appear on the right.

 


 

Configuring Intrusion Prevention on Aruba Central:

  1. Navigate to Configuration > Network
  2. Choose the group in which the configuration needs to be applied.
  3. Click Wireless IDS/IPS
  4. Click “Protection”.
  5. Choose the containment method for wired and/or wireless.

 

  • Wired containment: When enabled, the Aruba Access Point generates ARP packets on the wired network to contain wireless attacks.
  • Wireless containment: When enabled, the system attempts to disconnect all clients that are connected or attempting to connect to the identified Access Point. Wireless containment can be one of the following types:

 

  1. None— Disables all the containment mechanisms.
  2. Deauthenticate only— With deauthentication containment, the Access Point or client is contained by disrupting the client association on the wireless interface.
  3. Tarpit containment— With Tarpit containment, the Access Point is contained by trapping clients that are attempting to associate with it to a tarpit. The tarpit can be on the same channel as the Access Point being contained or on a different channel. You can tarpit either only the invalid stations or all stations.

  6. Click “Save Settings” at the bottom of the page.
 
The following screenshot shows the above configuration. In this screenshot, the Infrastructure protection policy is set to ‘Low’ and the Client protection policy is set to ‘High’ and all the associated policies appear on the right.

 

 

 

 
