Wireless Access

Reply
Frequent Contributor II

Airwave rogue detection only in 2 rooms

Today our airwave is only alerting on wired to wireless, and cloned SSID detection. I have been tasked to also monitor rogue devices such as MIFI's and laptops running adhoc from our datacenters only. Is that possible to monitor and alert on those devices only from AM's installed in those rooms. Looking at the rapids rules section doesn't seem to be a way to setup a rule to only detect on certain AM's or AP group. Does anyone know how this could be done?

Moderator

Re: Airwave rogue detection only in 2 rooms

It'd be a feature request for a rule action, trigger/alert action.

 

A workaround method could be: have those devices isolated into group or folder.  Then run a 'new rogue devices' report on the selected group(s) / folders(s).  And you could have that report set to run and email to your inbox hourly.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Frequent Contributor II

Re: Airwave rogue detection only in 2 rooms

Would there be anyway to SNMP trap filter with our monitoring tool based on detection by only those AP's? I guess I'm wondering if there is a way to send the detecting AP. I will investigate the report methode I think they wanted to have something that was realtime monitoring we would put up warning signs on the data center doors said to notify our operations before using a MiFI device.

Highlighted
Moderator

Re: Airwave rogue detection only in 2 rooms

You could try:

 

System -> Triggers, Type = Device Event

Create a trigger for SNMP Traps for rogue discovery events from the controller, and have that set to send to an external NMS setup.

(You'd have to setup the external NMS monitoring from AMP Setup -> NMS to get the NMS alert option at the bottom of the trigger setting)

 

I haven't done this, but it seems like it could work if I knew what the discovery event messages looked like.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Frequent Contributor II

Re: Airwave rogue detection only in 2 rooms

What about an IDS profile on the controller configured to an AP group that only has 1 Air Monitor in it. I don't know much about IDS need to learn more about that. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: