MVP
Posts: 1,422
Registered: ‎10-25-2011

Using Airwave to contain rogues

Good evening/day to all, depends where you are :)

 

We are managing this network, financial sector, where the users are corporate employees.

It has been determined that we do not want the corporate users associating to anything but the corporate network.

 

Now, in order to set this up properly, we created a WIPs policy on the controllers. Don't have the details as of right now (at home) but we also are using Airwave to manage the network.

 

We have some RAPIDS rules set up to automatically contain rogues based on certain rules, such as any open network within -70db would be contained, any encrypted network not broadcasting our corporate SSID is a neighbour.

 

I was just wondering if anyone has any advice on properly securing this network or if anyone has had similar setups and can share their experiences.

 

Thanks,

p

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Using Airwave to contain rogues

If you have the RFProtect license, you can do this within the controller.  Please do a search for "protect valid stations" in the ArubaOS 6.1 user guide:

 

Protect Valid Stations

 

Protecting a valid client involves disconnecting that client if it is associated to a non-valid AP. 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,422
Registered: ‎10-25-2011

Re: Using Airwave to contain rogues

We do have an RFProtect license but we would like to use Airwave in order to control IPS.

 

I understand that it is the controller that does all of the work and protect valid stations is within our WIPs policy.

So, as far as I understand it, by having "protect valid stations" enabled, the controller will automatically protect all clients, meaning it will not allow them to associate to any other AP, regardless?

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Using Airwave to contain rogues


pmonardo wrote:

We do have an RFProtect license but we would like to use Airwave in order to control IPS.

 

I understand that it is the controller that does all of the work and protect valid stations is within our WIPs policy.

So, as far as I understand it, by having "protect valid stations" enabled, the controller will automatically protect all clients, meaning it will not allow them to associate to any other AP, regardless?


Valid Stations are stations that have connected to the Aruba controller using some sort of encryption. The controller keeps track of all the MAC addresses of these devices. Protect Valid Stations does not allow any of those devices to connect to any APs outside of your Aruba WLAN. That behavior is only when those clients are within earshot of your company's access points.

 

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 1,422
Registered: ‎10-25-2011

Re: Using Airwave to contain rogues


thx

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
Frequent Contributor I
Posts: 73
Registered: ‎05-27-2009

Re: Using Airwave to contain rogues

Hi all,

 

If we find a "rogue station/client" in Airwave, and we want to set it as "valid" (due to some special requirement)... is it better to "define" the "rogue station/client" as "valid" in Airwave or controller?

 

Thus, for Airwave, we go to "RAPIDS > List > Detail Page", under "WMS Classification Override" to classify it as Valid? .... Or....

Should we go to the controller to "valid" the client? 

"If there's a will, there's a way."
MVP
Posts: 1,422
Registered: ‎10-25-2011

Re: Using Airwave to contain rogues

If Airwave is configured on the controller (Airwave wizard), if you classify in Airwave it should push down to the controller.
Once you classify as valid, log into the controller and type "show audit-trail" and see if Airwave is logging in and marking the user as valid.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
Frequent Contributor I
Posts: 73
Registered: ‎05-27-2009

Re: Using Airwave to contain rogues

Thanks for the tip!

 

Can we go to "RAPIDS > List > Detail Page", under "WMS Classification Override" to classify the target "rogue client" as Valid?

 

Is there another/alternative place in Airwave to classify the "rogue device"?

 

"If there's a will, there's a way."