12-05-2014 06:04 AM
Hope you will be able to help me with this. I am wondering if RAPIDS will detect as rogue APs that are:
Not broadcasting (hidden SSID) corporate SSID
Broadcasting/hiding corporate SSID with MAC address being spoofed
Thanks in advance.
12-05-2014 06:08 AM
Are you using Aruba air monitors and APs? Or are your switches reporting up to RAPIDS?
Note that while hidden SSIDs can take longer to discover (unless clients are active on the SSID then detection is just as quick), they can still be detected, hidden or not, since the actual 'hiding' of the SSID doesn't really prevent the probe-requests and responses from happening, and once that occurs, assuming you have AMs and/or switches reporting up to RAPIDS/AirWave, they will be detected, and certainly once a client associates. It's a regular test we do with our Federal customers.
Sr. Techical Marketing Engineer
12-05-2014 06:37 AM
Thanks on swift reply. We are using either APs (MCs or IAPs) for RAPIDS. I wasn't too clear on second point, but what is a scenario if someone spoofes MAC from one of our APs? Or is that dealt with by CPPM?