03-05-2012 06:22 PM - edited 03-05-2012 06:24 PM
I was wondering of any of you got a more detailed information of what does the toptions in this profile.
Yes i know they are on the manual but i will give you an example of why im asking this.
i got the IPS configured on a client.
Well i used the wizard and well i configured what i though it was okay as far i read on the manual
The detect misconfigured ap value when I got this on, and I got the captive portal well, the open ssid, this paramether doestn let the client to connect to it.. I had to disable it so the clients could connect to it… on the guide didn’t say anything about this
It just says:
A list of parameters can be configured that defines the characteristics of a valid AP. This feature is primarily
used when non-Aruba APs are used in the network since the Aruba controller cannot configure the thirdparty
APs. These parameters include WEP, WPA, OUI of valid MAC addresses, valid channels, and valid
This is not a 3rd party AP it’s the same Aruba AP… and still won’t let my user connect.
It would be awsome if this was a topic on the knoledge base of how to configure correctly the IPS
Im just asking this becasue i really wanna know what im doing....
Product Manager - Aruba Networks
03-06-2012 01:34 AM
This unauthorized device profile also applies to Aruba APs. You need to ensure that you are allowing anything that your Aruba APs are doing, otherwise, your own clients will be stopped, as well. The unauthorized device profile is one of the most powerful lockdown mechanisms, because it defines ONLY what you want to happen within your environment. If someone misconfigures your WLAN out side of your specifications in the Unauthorized profile, for example, it will not let even your own clients connect. You need to define anything that you are doing at the time.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
03-14-2012 02:52 PM
You mentioned the 'detect misconfigured AP' setting. All that setting does is detect and alert on misconfigured APs. No wireless containment will be enabled by any of the 'detect' options. They do just what the name implies, detect problems. You do not need to worry about impacting your network by enabling detection.
That is very different than the 'Protect Misconfigure AP' setting. The protection mechanisms will enable wired and/or wireless contianment depending on what containment methods you enabled. The 'Protect' options may keep your users off of invalid networks, invalid users off of your network, all users off of rogue devices, etc. Care should be excersized before enabling any protection policy.
The protect features works as outlined by Colin in the previous post.