03-19-2017 02:41 AM
Dear all friends and experts,
I'm building a lab to demo some features of IPS/IDS with the RF Protect license.
In my understanding, there are two ways to do rogue containment.
1. On the wired network (plug an unauthorized AP into the wired network).
=> The air monitor will block the fake BSSID, and the AM ignores the client (done).
2. On the wireless network
The AM sees a hotspot and the hotspot broadcasts a random SSID; I set this one, learned from the AM, to rogue.
But I don't see anything changed; the client can still connect to the rogue AP and can do anything.
Please clarify for me: in the wireless network, can Aruba ignore the client? Because when I read the documents, they said it can ignore a rogue AP via wired and wireless network.
Thank you so much,
03-19-2017 03:48 AM - edited 03-19-2017 03:56 AM
Have you turned Rogue containment on?
(config) #ids unauthorized-device-profile default
(IDS Unauthorized Device Profile "default") #rogue-containment
If my post addresses your query, give kudos:)
03-19-2017 03:57 AM
I configured it; it only has an effect when I plug an AP into the wired network.
But on the wireless network it does not take effect.
Thank you so much. Any idea for me? This is the first time I am working with IDS/IPS.
03-20-2017 12:00 PM - edited 03-20-2017 12:04 PM
1. Try show ap monitor ap-list ap-name <yourAP>. On my AP, DoS was disabled, so you can see two rogue SSIDs: NINCOM and NINCOM-GUEST.
2. show ids unauthorized-device-profile default: you can see that rogue containment is false.
Enable the containment, then you will see the rogue being DoSed or tarpitted.