Wireless Access

Reply
Occasional Contributor II
Posts: 20
Registered: ‎01-10-2012

Configured tarpit, but see deauth containment

Hello,

I have configured my wireless containment to be tarpit-all-sta.
When I look in the security dashboard I see both "AP Deauth Containment" and "Tarpit Containment" occuring.

 

Is that expected to happen?

 

Thanks,

Matt

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Configured tarpit, but see deauth containment

- Where do you have tarpit configured?

- How are you triggering the tarpit?

- Where are you seeing the deauth notification?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 20
Registered: ‎01-10-2012

Re: Configured tarpit, but see deauth containment

Hello,
I have it configured and triggered like this:

ids general-profile

wireless-containment tarpit-all-sta
wired-containment
wired-containment-ap-adj-mac


ids unauthorized-device profile

detect-adhoc-network
detect-wireless-bridge
rogue-containment
suspect-rogue-conf-level 100
no detect-sta-assoc-to-rogue
detect-misconfigured-ap
detect-valid-ssid-misuse
protect-ssid

no detect-unencrypted-valid-client
cfg-valid-11g-channel 1
cfg-valid-11g-channel 6
cfg-valid-11g-channel 11
cfg-valid-11a-channel 36
cfg-valid-11a-channel 40
cfg-valid-11a-channel 44
cfg-valid-11a-channel 48
cfg-valid-11a-channel 52
cfg-valid-11a-channel 56
cfg-valid-11a-channel 60
cfg-valid-11a-channel 64
cfg-valid-11a-channel 100
cfg-valid-11a-channel 104
cfg-valid-11a-channel 108
cfg-valid-11a-channel 112
cfg-valid-11a-channel 116
cfg-valid-11a-channel 120
cfg-valid-11a-channel 124
cfg-valid-11a-channel 128
cfg-valid-11a-channel 132
cfg-valid-11a-channel 136
cfg-valid-11a-channel 140
cfg-valid-11a-channel 149
cfg-valid-11a-channel 153
cfg-valid-11a-channel 157
cfg-valid-11a-channel 161
cfg-valid-11a-channel 165
valid-and-protected-ssid "eduroam"
valid-and-protected-ssid "uw-guest"
valid-and-protected-ssid "uw-nsd2"
valid-and-protected-ssid "uw-unsecured"
detect-ht-greenfield
no detect-valid-client-misassociation

 

 

Which are both used by my AP groups and air monitor groups.

I see it reported in the aruba security dashboard:
Tarpit Containment
AP Deauth Containment
AP Tagged Wired Containment
AP Wired Containment

Search Airheads
Showing results for 
Search instead for 
Did you mean: