This article describes Aruba SNMP Traps that are supported in 7.0 and earlier (there's a separate article for AirWave versions 7.1 and later).IDS Traps are discussed in the 'AirWave and Aruba Best Practice Guide':http://www.airwave.com/download/docs/70/AirWaveandArubaBestPracticesGuide.pdfThese are the current IDS Traps that are supported by AMP:1. Auth Traps Utilized by AWMS– wlsxNUserAuthenticationFailed– wlsxNAuthServerReqTimedOut 2. IDS Traps Utilized by AWMS– wlsxSignatureMatchAP – wlsxSignatureMatchSta– wlsxSignAPNetstumbler– wlsxSignStaNetstumbler– wlsxSignAPAsleap– wlsxSignStaAsleap– wlsxSignAPAirjack– wlsxSignStaAirjack– wlsxSignAPNullProbeResp– wlsxSignStaNullProbeResp– wlsxSignAPDeauthBcast– wlsxSignStaDeauthBcast3. IDS Traps Integrated into AMPAP Flood AttackAP ImpersonationChannel Frame Error Rate ExceededChannel Frame Fragmentation Rate ExceededChannel Frame Retry Rate ExceededChannel Rate AnomalyDisconnect Station Attack (AP)Disconnect Station Attack (Station)EAP Rate AnomalyFrame Band Width Rate ExceededFrame Fragmentation Rate ExceededFrame Low Speed Rate ExceededFrame Non-Unicast Rate ExceededFrame Receive Error Rate ExceededFrame Retry Rate ExceededInvalid MAC OUI (AP)Invalid MAC OUI (Station)Node Rate Anomaly (AP)Node Rate Anomaly (Station)Repeat WEP-IV Violation (AP)Repeat WEP-IV Violation (Station)Reserved Channel ViolationSequence Number Anomaly (AP)Sequence Number Anomaly (Station)Signal AnomalyStation Associated to Rogue APStation ImpersonationStation Unassociated from Rogue APValid SSID ViolationValid Station Policy ViolationWeak WEP-IV ViolationWeak WEP-IV Violation (Station)Signature - AP AirJackSignature - Station AirJackSignature - AP AsleapSignature - Station AsleapSignature - Deauth BroadcastSignature - AP NetstumblerSignature - Null Probe ResponseSignature - Impersonate APSignature - Impersonate StationTo view the status of all traps (on the controller):# show snmp trap-listTo view with focus on the supported traps (again, on the controller):# show snmp trap-list | include wlsx-----
To enable the supported traps:snmp-server trap enable wlsxNUserAuthenticationFailedsnmp-server trap enable wlsxNAuthServerReqTimedOutsnmp-server trap enable wlsxSignatureMatchAPsnmp-server trap enable wlsxSignatureMatchStasnmp-server trap enable wlsxSignAPNetstumblersnmp-server trap enable wlsxSignStaNetstumblersnmp-server trap enable wlsxSignAPAsleapsnmp-server trap enable wlsxSignStaAsleap snmp-server trap enable wlsxSignAPAirjacksnmp-server trap enable wlsxSignStaAirjacksnmp-server trap enable wlsxSignAPNullProbeRespsnmp-server trap enable wlsxSignStaNullProbeRespsnmp-server trap enable wlsxSignAPDeauthBcastsnmp-server trap enable wlsxSignStaDeauthBcastNote: You will need to issue the “write mem” command.To Test IDS traps:Create a signature profile that triggers when a specific MAC connects to an AP. Below are the commands to create such a profile (this assumes that your AP Groups are using the signature matching profile called "default") for "My Laptop": (Aruba-Controller) (config) #ids signature-profile "My Laptop" (Aruba-Controller) (IDS Signature Profile "My Laptop") #frame-type assoc(Aruba-Controller) (IDS Signature Profile "My Laptop") #src-mac 00:1F:3B:32:63:7E(Aruba-Controller) (IDS Signature Profile "My Laptop") #!(Aruba-Controller) (config) #ids signature-matching-profile "default"(Aruba-Controller) (IDS Signature Matching Profile "default") #signature "My Laptop"(Aruba-Controller) (IDS Signature Matching Profile "default") #!After that, just associate to an AP and a trap should show up very quickly.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.