Wireless Access

Reply
Occasional Contributor II

Air monitors not participating in containment

We have containment enabled and managed through Airwave. Rogue detection on AWMS works, the containment settings are successfully pushed back to the controller. The issue is that containment only works when the rogue AP is on the same channel as a nearby AP.

 

Since we hace 'client-aware' enabled, it's expected that the AP won't go off channel to contain a rogue. This is why we also have dedicated air monitors, configured to be rogue aware. These air monitors, however, do not appear to be doing anything to contain the rogur.

 

I have a case open with Aruba, but I wanted to see if anybody in the community had any suggestions.

Guru Elite

Re: Air monitors not participating in containment

Do you have have Rogue AP Enforcement Enabled in the IDS profile?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Air monitors not participating in containment

I have 'Rogue Containment' enabled in the IDS unauthorized device profile. I don't seen any option for 'Rogue Enforcement".

Guru Elite

Re: Air monitors not participating in containment

You also need Wireless Containment under IDS General Profile



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Air monitors not participating in containment

Wireless containment is set to 'tarpit all stations', wired containment is also enabled.

Guru Elite

Re: Air monitors not participating in containment

Please look at the knowledgebase article here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-605 to determine if the classifications are really being pushed.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Air monitors not participating in containment

I believe that the classifications are actually being pushed as shown by the output of:

 

(MC6000-WH-LISCR-S0) #show wms ap A0:F3:C1:78:63:1E

AP Info
-------
BSSID SSID Channel Type RAP_Type Status Ageout HT-Type HT-Sec-Chan
----- ---- ------- ---- -------- ------ ------ ------- -----------
a0:f3:c1:78:63:1e TP-LINK_78631E 6 generic-ap manually-contain up 0 HT-40mhz 10

 

The classification 'manually contain' is set when the Airwave sends the classification. When we disable management of rogues through Airwavem this classification changes to automatic, but our results are the same (i.e. the rogue isn't contained).

 

The other thing is that containment works fine when the rogue is on the same channel as a nearby AP. This is consistent with client-aware configuration, in that the AP is containing rogues on it's same channel, but won't go of channel when clients are connected.

 

So it's clear that rogue detection, classification, containment, and client-aware work fine. The issue is that the air monitors, which are configured to be rogue aware, and to scan multiple bands and all regulatory domains aren't doing anything to contain the rogue. The rogue is only contained when I put an Aruba AP on the same channel as the rogue.

Guru Elite

Re: Air monitors not participating in containment

What type of access points are these and what version of ArubaOS?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Air monitors not participating in containment

They are AP135 access points and the version is 6.1.2.7.

Guru Elite

Re: Air monitors not participating in containment

Please try upgrading yo 6.1.3.7 and try again. It seems like you have your bases covered but your code is old...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: