Wireless Access

Hey everyone,

I have an issue with deauth containment not working on rogue APs. Well, I shouldn't say it's "not working". It seems to work off and on, but not nearly as well as it should.

Some network details:

Aruba 6000 chassis with two m3 controllers (one local, one master)

an extremely dense deployment of 350+ AP105s

I do have 'rogue AP aware' enabled in my ARM profile (see screenshot for complete ARM profile config), but mode aware is not enabled. We were advised against it by our sales engineer.

Am I missing anything configuration-wise?

I appreciate any insight/advice. :)

Do you have the IDS/IPS (RF Protect) license (only necessary for Tarpitting)

Do you have Deauth, or Tarpit in your IDS General Profile?

Lastly, do you have "Rogue Containment" in your IDS Unauthorized Device Profile?

Yes, we do have the necessary RF Protect licensing.

Yes, wireless containment is is set to deauth-only.

Yes, rogue containment is enabled in the IDS Unauthorized Device profile.

I would recommend opening a TAC case.  Another thing to try is running the 'show ap monitor conainment-info' command from the CLI.  It is a lower level debugging command that will tell you how many containmnet packets have been sent.

Hello

do you have on the area that the rogue ap is, do you got an air monitor covering that area?

Beacause if the asnwer is no then, it wont work, like it should, like you just said...

You need an air monitor so the death works...