12-27-2016 10:41 AM
I would like to implement some containment regarding some rogue access points (3G and 4G devices).
It's not very clear to me how does this work on IAP.
Does it only work with Monitor mode IAPs?
What would be your recommended settings?
12-29-2016 09:15 AM
Please review the user guide for IDS. There is no requirement to have a dedicated Air Monitor to perform containment and there are also wired containment options available as well.
Note that if you have Aruba or HPE Aruba switches, you can automatically have the IAP inform the upstream switch that there is a rogue and the switch itself will admin down the port.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
12-29-2016 12:21 PM
I was testing some settings...
Right now I have set to High in terms of detection and also protection but I can't see actual difference.
I setup a rogue 4G Wifi Hotspot right next to an IAP 205 but the clients seems to be able to connect to it and have proper network access...
I set the wireless containment to "Tarpit all stations"
12-29-2016 05:09 PM
I would leave it to the defaults. High has unintended consequnces and can deny legitimate traffic.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
4 weeks ago - last edited 4 weeks ago
I'm back to this topic because I would like to really see this working.
Basically let's imagine that I have rogue AP (not connected to the wired network) with SSID My_Example. My_Example SSID is a corporate SSID.
I can't see any containment in terms of clients beeing disconnected from that rogue AP.
4 weeks ago
Is your IAP able to see the wired MAC of the rogue IAP? It will only be able to classify it as rogue and start the containment if it can see the rogue AP in both the air and on the wired side. If you run the below you will be able to determine what is being observed by the IAP and its classification.
#show ids aps
If my post addresses your query, give kudos:)