Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Rogue AP containment via Wireless network

  • 1.  Rogue AP containment via Wireless network

    Posted Mar 19, 2017 05:42 AM

    Dear all friends and experts,

     

    I'm building a lab and demoing some features of IPS/IDS with the RF Protect license.

    In my understanding, there are two ways to do rogue containment.

    1. On the wired network (plug an unauthorized AP into the wired network).

    => The air monitor will block the fake BSSID, and the AM ignores the client (done)

    2. On the wireless network

    The AM sees a hotspot, and the hotspot broadcasts a random SSID; I set this, learned from the AM, to rogue.

    But I don't see anything change; the client can still connect to the rogue AP and can do anything.

    Please clarify for me: in the wireless network, can Aruba ignore the client? Because when I read the documents, they said it can ignore a rogue AP via the wired and wireless network.

    Thank you so much,

    Lee



  • 2.  RE: Rogue AP containment via Wireless network

    MVP EXPERT
    Posted Mar 19, 2017 06:49 AM

    Have you turned Rogue containment on?

     

    (config) #ids unauthorized-device-profile default
    (IDS Unauthorized Device Profile "default") #rogue-containment

     



  • 3.  RE: Rogue AP containment via Wireless network

    Posted Mar 19, 2017 06:58 AM

    Hello Zalon0,

    I configured it, so it is only effective when I plug an AP into the wired network.

    But on the wireless network it does not take effect.

     

    Thank you so much. Any idea for me? This is the first time I am working with IDS/IPS.

     

    Regards,

    Lee

     



  • 4.  RE: Rogue AP containment via Wireless network

    Posted Mar 20, 2017 03:00 PM

    1.png

    1. Try show ap monitor ap-list ap-name <yourAP>. On my AP, DoS was disabled, so you can see two rogue SSIDs: NINCOM and NINCOM-GUEST.

    2.png

    2. show ids unauthorized-device-profile default: you can see the rogue containment is false

    Enable the containment, then you will see the rogue be DoS or tarpit