Security, WIDS/WIPS and Aruba ECS

Reply
Contributor I
Posts: 33
Registered: ‎04-12-2007

WIP Wired Containment

Hey Guys,

I've recently installed an Aruba controller and configured to work with IDS high settings. Anyway, the controller couldn't neutralized a Rogue AP via the wireline.

Rogue AP is detected by the controller even when the AP doesn't have a valid IP from the same subnet of the controller. Between the controller and the Rogue AP we have two switches, the one the AP is connected to, which is connected to the Controllers switch.

Is it possible that the customer has some device that could block controller's attack to the Rogue AP?

As I told it before the controller could detect that AP as a Rogue, but it can't disable it.


Regards,

Erick Müller
Guru Elite
Posts: 20,391
Registered: ‎03-29-2007

Rogue Containment


Hey Guys,

I've recently installed an Aruba controller and configured to work with IDS high settings. Anyway, the controller couldn't neutralized a Rogue AP via the wireline.

Rogue AP is detected by the controller even when the AP doesn't have a valid IP from the same subnet of the controller. Between the controller and the Rogue AP we have two switches, the one the AP is connected to, which is connected to the Controllers switch.

Is it possible that the customer has some device that could block controller's attack to the Rogue AP?

As I told it before the controller could detect that AP as a Rogue, but it can't disable it.


Regards,

Erick Müller




Eric,

Rogue AP containment means every time the controller sees a client attempt to associate it will try to stop it. Do you have any Air monitors in the Area? Did you try to associate a client? Could it associate?

If the client could associate, please Go into the Arm Profile of that AP-Group and make sure - ARM Scanning is on, Client-aware is off, ARM Power Save is off and ARM Rogue Aware is on.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 33
Registered: ‎04-12-2007

Re: WIP Wired Containment

Thanks Collin, I'll check the ARM profile settings.

Unfortunately the customer doesn't have AMs, that's the reason why they want to do wired containment, just to be sure that they won't have Rogue devices connected to the wireline.

Thanks again.

Erick
Aruba Employee
Posts: 19
Registered: ‎04-27-2009

Re: WIP Wired Containment

How are you testing to see if containment is working? Wired containment works at the IP level and prevents the AP from getting traffic off of the subnet to which it is connected. Basically, it prevents the rogue AP from contacting its router. It will still be able to communicate with anything on the local subnet.
If you need to prevent all traffic to and from the rogue AP then wireless and wired containment should be combined for the most effective solution.
Search Airheads
Showing results for 
Search instead for 
Did you mean: