02-03-2012 09:13 AM
I have a ‘rogue’ detection issue that I am trying to investigate.
I am looking for a Real Rogue (RAPIDS detected in air and on LAN) to be identified within one hour with an email from a trap alert. The last one I simulated took approx. 8 hours to be identified by AMP as a real ROGUE.
In a nutshell, here is what we are finding:
Rogue is plugged in and Aruba Controller immediately detects as Suspected Rogue – OK
AirWave gets Suspected Rogue alert and sends email – OK
AirWave is set to poll ARP and BRIDGE TABLE of all the LAN switches Every 15 minutes – OK
AirWave changes its ROGUE classification from SUSPECTED ROGUE to ROGUE after approx. 8 HOURS – NOT OK
Is there anything I should be looking for here? Is there some other process that isn’t kicking off more quickly?
02-03-2012 03:23 PM
It sounds like it's the processing of ARP/Bridge forwarding data that's the bottleneck.
On the AMP Setup page there's a setting for RAPIDS processing priority. Is that set to Low? Does setting it to High make a difference?