Wireless Access

I am new to Aruba and would like to know if I should change the status of my interfering ap's to -valid, interfering, known interfering, rogue, suspected rogue, disable or clear. and what exactly does that do if I do change the status of them. Currently there are 37 interfering ap's and i do not know what they are. Thanks.

Leave them as interfering. They just are 3rd-party APs that your APs can see: Nothing more, nothing less. These are valuable, because they let you know what other access points you can see in your environment.

Exactly.

OK, thanks, i wasnt sure if changing the status of them would free up anything on my network to make it run smoother, but from what your saying that answer is no, I should just ignore them, they do no harm to my network. thanks.

Then what is the point of having the different classifications for the other SSIDs? One of your initial sales pitches to us was the ability to disable or contain known rogue APs on the network. Why have all the different types of interfering APs if we're not supposed to classify them?

It all depends on how you run your network. Valid SSIDs are your own wireless access points that are connected to your controller. Optionally, if you are running third-party access ponts that are not on your controller, you can mark them Valid too. Why is the important? If you run very strict IDS/IPS implementations, your access points marked "Valid" will be left alone.

Interferring access points are access points that are in the air, but are unclassified and NOT rogue access points. Why is this important? We have a knob in our IDS profile that does NOT allow Valid or Corporate users to roam to Interferring APs so that you are not troubleshooting people who roam to starbucks, or happen to connect to what they think is the same Linksys at home.

Known Interferring is a classification that is always manual and it is for people who are trying to keep track of the APs that are not on their network, but interferring. Retail establishments, for PCI compliance must identify all of the access points in their environment, even if they do not have wireless. You can change an access point from interferring to "Known Interferring" when you have identified it, as a check mark to satisfy this requirement. A known interferring access point is not much different from an interferring access point, because if you are trying to keep your Valid users off of them using the knob above, that will still work.

Rogue access points are access points that are detected as being on your wired as well as wireless space. They can be identified as Rogue by the controller, or manually classified so by the administrator. Devices that attempt to connect to rogue devices can be stopped automatically or manually by the administrator.

I hope this helps.

If an AP is considered a Rogue. How does the administrator restrict this AP from the network. Is it through the wired port or is it done through the wireless space not letting users connect?

---

You can do either. The IDS profile can determine if when an access point sees a rogue it will do wired or wireless containment.