Wireless Access

Occasional Contributor II

Hi, anyone know how I can de-auth clients connected to APs classified as rogue?

I have a controller with a WIP licence and I'd like to de-auth clients connected to rogue APs (not managed by the Aruba controller). Is it possible?

Thanks, Gian

Occasional Contributor I

Re: Hi, anyone know how I can de-auth clients connected to APs classified as rogue?

Can't this be accomplished by enabling tarpitting?

Guru Elite

Re: Hi, anyone know how I can de-auth clients connected to APs classified as rogue?

Occasional Contributor II

Re: Hi, anyone know how I can de-auth clients connected to APs classified as rogue?

Thanks for your suggestions.

I did some tests in our lab.

If the AP is in AP mode, both deauth-only and tarpit wireless containment are almost ineffective: the client loses 1 ping randomly, and all other connections work fine.

Instead, if I set the AP in Air Monitor mode, the DoS against the rogue works very well and the client cannot do any traffic at all.

Is this the expected behavior?

Can't the AP perform better in AP mode?

Thanks in advance.

Gian

Guru Elite

Re: Hi, anyone know how I can de-auth clients connected to APs classified as rogue?

gianti81,

An AP's primary duty is to service clients. If it has to go off channel to remove a rogue client or AP, actual AP client throughput will suffer. Your alternative is to deploy an actual air monitor for every 4 APs that serve data to contain those rogue APs. You can alternatively enable "ARM Rogue AP Aware":

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/ARM/ARM_Profiles.htm

If you have enabled both the Scanning and Rogue AP options, Aruba APs may change channels to contain off-channel rogue APs with active clients. This security feature allows APs to change channels even if the Client Aware setting is disabled.

This setting is disabled by default, and should only be enabled in high-security environments where security requirements are allowed to consume higher levels of network resources. You may prefer to receive Rogue AP alerts via SNMP traps or syslog events.

Default: disabled



Colin Joseph
Aruba Customer Engineering
