Security, WIDS/WIPS and Aruba ECS

Reply
Contributor I
Posts: 25
Registered: ‎06-30-2009

WEP failure

Hi,

We need an ssid profile with WEP encryption for an old machine control.
The users can connect to the network and obtains an ip address for the dhcp server in the vlan, but they can´t receive any traffic.
I can see in the "acl-hits" that the traffic is permitted for the users, but there is not any traffic.
Is there any fix in wep encryption mode or any security option that is blocking this traffic for weak of encryption?
My arubaos is 3.3.2.22 on switch 6000.

Thanks
Moderator
Posts: 53
Registered: ‎04-09-2007

Re: WEP failure

Harpo,

What type of AP are you using? If 802.11n, you will need to enable "Allow Weak Encryption" under the "HT-SSID-Profile" which is embedded under the "SSID-Profile" you are using.

Regards,

Austin
Moderator
Posts: 53
Registered: ‎04-09-2007

Re: WEP failure

Harpo,

Hit "Send" to quick....you actually may just want to disable HT (High Throughput, in other words 802.11n) for that SSID if using a 11n AP.

Regards,

Austin
Contributor I
Posts: 25
Registered: ‎06-30-2009

Re: WEP failure

Hi Austin,

Thanks for your answer.
I am working with ap-61 in bg mode.
I have created a new "High Throughput" with "Allow Weak Encryption enable" but the wireless client can´t receive any traffic.

Regards
Moderator
Posts: 53
Registered: ‎04-09-2007

Re: WEP failure

Harpo,

With AP-61 being 802.11abg only, the HT and "allow-weak-encryption" do not apply. This should work if you are getting an IP address. Are you seeing the user in the user-table with the right IP address?

You may want to check with TAC on this assuming that the client is in the user-table with the right IP and the right role (show user-table).

Regards,

Austin
MVP
Posts: 517
Registered: ‎05-11-2011

Re: WEP failure

Just a thought - what role do your users get? With Initial role being Login they will get ip-adresses, but be blocked to do anything other than icmp I believe.. Try change Initial role to your "Authenticated" role.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!