09-13-2012 07:36 AM - edited 09-13-2012 07:37 AM
I have an issue with deauth containment not working on rogue APs. Well, I shouldn't say it's "not working". It seems to work off and on, but not nearly as well as it should.
Some network details:
Aruba 6000 chassis with two m3 controllers (one local, one master)
an extremely dense deployment of 350+ AP105s
I do have 'rogue AP aware' enabled in my ARM profile (see screenshot for complete ARM profile config), but mode aware is not enabled. We were advised against it by our sales engineer.
Am I missing anything configuration-wise?
I appreciate any insight/advice. :)
09-13-2012 08:21 AM
Do you have the IDS/IPS (RF Protect) license (only necessary for Tarpitting)?
Do you have Deauth or Tarpit in your IDS General Profile?
Lastly, do you have "Rogue Containment" in your IDS Unauthorized Device Profile?
Aruba Customer Engineering
09-17-2012 08:23 AM
I would recommend opening a TAC case. Another thing to try is running the 'show ap monitor containment-info' command from the CLI. It is a lower-level debugging command that will tell you how many containment packets have been sent.
09-21-2012 11:40 AM - edited 09-21-2012 11:41 AM
Do you have an air monitor covering the area where the rogue AP is?
Because if the answer is no, then it won't work like it should, like you just said...
You need an air monitor so the deauth works...
Product Manager - Aruba Networks