Controllerless Networks

Reply
Occasional Contributor II

WIPS with IAP, Airwave and RAPIDS

Hi.

 

I configure Airwave and RAPIDS with IAP (iap-115 and iap-225).

I configure rapids to classify an specific AP with specific SSID like valid (using rpiads rules), so the WIPS don't containment this AP (valid) and containment only the rogue AP.

When I enable containment in the IAP (groups -> instant config-> ids -> proteciont). the IAP attacks my valid AP/SSID.

Somebody could help me on this?

Are there somthing else to configure in the Airwave/RAPIDS/IAP?

 

Thanks in advanced.

Aruba Employee

Re: WIPS with IAP, Airwave and RAPIDS

If you want to contain Rogue AP discovered by IAP using RAPIDS from Airwave, you need to enable containment option in RAPIDS > Setup page.

 

Capture.PNG

once we enable this option, you will see containment option in drop down list in Rapids>Rules page.

Capture.PNG

 

Create a containment rule, for example if you want to contain a rogue device broadcasting your valid SSID, create below rule

Capture.PNG

In SSID box, provide your valid SSID. once you add, this rule, Airwave will contain rouge AP which is broadcasting your valid SSID.

 

We could manually contain rogue aswell from Rouge RAPIDS>Details in Airwave.

 

Click on any rogue device in Airwave , it will take us to detial page, under this we have RAPIDS Classification Override: option, select containment option from drop down list and click apply.

Occasional Contributor II

Re: WIPS with IAP, Airwave and RAPIDS

Hi, Pavan.

I did exactly what you say and even so I can connect to 'not desire' SSID at tha Rogue AP.

IAP and Airwave can contained a specific rogue AP?

I classify AP manually to contained rogue but I can connect on it.

 

 

Aruba Employee

Re: WIPS with IAP, Airwave and RAPIDS

Did containment pushed to rogue AP ? If you are manually pushing the containment in RAPIDS>Detail page of rogue you will see the status down the page whether AP is contained or not?

 

Did you enabled settings in RAPIDS>Setup page, before containing the rogue manually?

 

when you logged in to IAPs does that AP showing as rogue or contained?

Regards,

Pavan

Occasional Contributor II

Re: WIPS with IAP, Airwave and RAPIDS

I made a manually containment, after by rules not working.

 

Yes, I enable containment in the Rapids>Setup

 

When I log in the IAP and choose IDS I see the AP as 'disable-rogue'

Aruba Employee

Re: WIPS with IAP, Airwave and RAPIDS

in rapids>detail page screen shot i could see controller already classifed that particular rogue device as contained and in IAP,  status is showing as disabled.

 

Have you enabeld IDS>proticetion setting in Airwave? If yes, I beileve those setting got pushed to IAP, based on this setting IAP containing the rogue AP.

 

If you want to contain through Airwave set those settings to low and try manual contain the rogue.

 

Based on output it looks rogue is already disabled and we should not able to connect to the SSID. Can you try with a different rogue devices and check the status.

 

Occasional Contributor II

Re: WIPS with IAP, Airwave and RAPIDS

Hi, Pavan.

 

After change IDS protection to low, the configuration of the AP shows as mismatched (pictures attached). How can I fix this?

Aruba Employee

Re: WIPS with IAP, Airwave and RAPIDS

what exact mismatch it is showing, can you click on mismatch , it will take you to the page where it shows the mismatch configuation.

 

We dont need to worry much regarding mismatch, did you click apply after making changes?

 

Have you tried testing the containment with different rogue AP?

 

Occasional Contributor II

Re: WIPS with IAP, Airwave and RAPIDS

 
Aruba Employee

Re: WIPS with IAP, Airwave and RAPIDS

it looks you havent click apply button after making changes in IDS. Try click apply to push configuration to IAP,

 

Instead of setting to low,set to off , click apply. once configuraton get pushed test containment with Airwave RAPIDS.

 

As I mentioned in my preivous post, IAP classifed the device as contained (based on IDS setting) and also you manually contained rogue from Airwave. It looks rogue is already contained, if you still connecting to the device, try test with different one.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: