Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎03-10-2011

Deauth Containment

[ Edited ]

Hey everyone,

 

I have an issue with deauth containment not working on rogue APs. Well, I shouldn't say it's "not working". It seems to work off and on, but not nearly as well as it should.

 

Some network details:

Aruba 6000 chassis with two m3 controllers (one local, one master)

an extremely dense deployment of 350+ AP105s

 

I do have 'rogue AP aware' enabled in my ARM profile (see screenshot for complete ARM profile config), but mode aware is not enabled. We were advised against it by our sales engineer.

 

Am I missing anything configuration-wise?

 

I appreciate any insight/advice. :)

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Deauth Containment

Do you have the IDS/IPS (RF Protect) license (only necessary for Tarpitting)

 

Do you have Deauth, or Tarpit in your IDS General Profile?

 

Lastly, do you have "Rogue Containment" in your IDS Unauthorized Device Profile?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator
Posts: 123
Registered: ‎04-17-2009

Re: Deauth Containment

I would recommend opening a TAC case.  Another thing to try is running the 'show ap monitor conainment-info' command from the CLI.  It is a lower level debugging command that will tell you how many containmnet packets have been sent.

New Contributor
Posts: 2
Registered: ‎03-10-2011

Re: Deauth Containment

Yes, we do have the necessary RF Protect licensing.

 

Yes, wireless containment is is set to deauth-only.

 

Yes, rogue containment is enabled in the IDS Unauthorized Device profile.

MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Deauth Containment

[ Edited ]

Hello

do you have on the area that the rogue ap is, do you got an air monitor covering that area?

Beacause if the asnwer is no then, it wont work, like it should, like you just said...

 

You need an air monitor so the death works...

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: