Wireless Access

Reply
MVP
Posts: 3,009
Registered: ‎10-25-2011

IDS Unauthorized Device profile

[ Edited ]

Hello again

I was wondering of any of you got a more detailed information of what does the toptions in this profile.

Yes i know they are on the manual but i will give you an example of why im asking this.

 

i got the IPS configured on a client.

Well i used the wizard and well i configured what i though it was okay as far i read on the manual 

 

The detect misconfigured ap value  when I got this on, and I got the captive portal well, the open ssid, this paramether doestn let the client to connect to it.. I had to disable it so the clients could connect to it… on the guide didn’t say anything about this

It just says:

A list of parameters can be configured that defines the characteristics of a valid AP. This feature is primarily

used when non-Aruba APs are used in the network since the Aruba controller cannot configure the thirdparty

APs. These parameters include WEP, WPA, OUI of valid MAC addresses, valid channels, and valid

SSIDs.

 

This is not a 3rd party AP it’s the same Aruba AP… and still won’t let my user connect.

 

It would be awsome if this was a topic on the knoledge base  of how to configure correctly the IPS

Im just asking this becasue i really wanna know what im doing....

 

Cheers

 

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: IDS Unauthorized Device profile

This unauthorized device profile also applies to Aruba APs.  You need to ensure that you are allowing anything that your Aruba APs are doing, otherwise, your own clients will be stopped, as well.  The unauthorized device profile is one of the most powerful lockdown mechanisms, because it defines ONLY what you want to happen within your environment.  If someone misconfigures your WLAN out side of your specifications in the Unauthorized profile, for example, it will not let even your own clients connect.  You need to define anything that you are doing at the time.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Moderator
Posts: 123
Registered: ‎04-17-2009

Re: IDS Unauthorized Device profile

You mentioned the 'detect misconfigured AP' setting.  All that setting does is detect and alert on misconfigured APs.  No wireless containment will be enabled by any of the 'detect' options.  They do just what the name implies, detect problems.  You do not need to worry about impacting your network by enabling detection. 

 

That is very different than the 'Protect Misconfigure AP' setting.  The protection mechanisms will enable wired and/or wireless contianment depending on what containment methods you enabled.  The 'Protect' options may keep your users off of invalid networks, invalid users off of your network, all users off of rogue devices, etc.  Care should be excersized before enabling any protection policy.

 

The protect features works as outlined by Colin in the previous post.

Search Airheads
Showing results for 
Search instead for 
Did you mean: