Security

Reply
Contributor I
Posts: 24
Registered: ‎10-31-2016

Rouge AP containment via Wirless network

Dear allfriends, and experts,

 

Im buiding lab and demo some features of IPS/IDS with RF Protect license.

In my understand have two ways to Rouge containment.

1. On Wired network ( Plug into an AP unauthorized to Wired network.

=> Air montir will block fake BSSID, and  the AM ignores the client (done)

2. On the wireless network

AM see a hotspot and hotspot broadcast a random SSID, i set this learned from AM to Rouge.

But, i dont see anything changed, client still can connect to Rouge AP and can do anything.

Please clearly for me, In wirelss network,, Aruba can ignores client ? Because when i read documents, it said can ignores AP rouge via wired and wireless netowrk.

Thank you so much,

Lee

MVP
Posts: 342
Registered: ‎07-26-2011

Re: Rouge AP containment via Wirless network

[ Edited ]

Have you turned Rogue containment on?

 

(config) #ids unauthorized-device-profile default
(IDS Unauthorized Device Profile "default") #rogue-containment

 

ACMA, ACMP
If my post addresses your query, give kudos:)
Contributor I
Posts: 24
Registered: ‎10-31-2016

Re: Rouge AP containment via Wirless network

Hello Zalon0,

I configed, so it's only affected when i plug an AP into Wired network.

But on wireless network its dose not efftected.

 

Thank you so much, any idear for me, this is the first time i working with IDS/IPS

 

Regards,

Lee

 

MVP
Posts: 287
Registered: ‎11-04-2008

Re: Rouge AP containment via Wirless network

[ Edited ]

1.png

1. try show ap monitor ap-list ap-name <yourAP>.  In my AP, DOS was disable, so you can see two rogues SSIDs: NINCOM and NINCOM-GUEST.

2.png

2: show ids unauthorized-device-profile default: you can see the rouge containement is false

Enable the containement, then you will see rougue be DoS or tarpit

 

~Trinh Nguyen~
Boys Town
Search Airheads
Showing results for 
Search instead for 
Did you mean: