Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IDS: Valid Client Misassociation

This thread has been viewed 31 times

  • 1.  IDS: Valid Client Misassociation

    MVP
    Posted Dec 09, 2015 11:17 AM

    Detecting a Valid Client Misassociation

    This feature does not detect attacks, but rather it monitors authorized (valid) wireless clients and their association within the network. Valid client misassociation is potentially dangerous to network security. The four types of misassociation that we monitor are:

     Authorized Client associated to Rogue—A valid client that is associated to a rogue AP
     Authorized Client associated to External AP—An external AP, in this context, is any AP that is not valid and not a rogue
     Authorized Client associated to Honeypot AP—A honeypot is an AP that is not valid but is using an SSID that has been designated as valid/protected
     Authorized Client in ad hoc connection mode—A valid client that has joined an ad hoc network

     

     

    This does the detection of all those 4 misassociations at the same time apparently.

    So what happens when say a student normally connecting to the schools network now connects to his personal WLAN in his dormitory (which is close enough to be detected by the schools APs)? Will the schools APs and AMs now start deauthing that user from his own AP?

     



  • 2.  RE: IDS: Valid Client Misassociation

    MVP
    Posted Dec 11, 2015 11:32 AM

    Anyone?



  • 3.  RE: IDS: Valid Client Misassociation
    Best Answer

    EMPLOYEE
    Posted Dec 11, 2015 12:07 PM

    No.  Detection and Protection are two different things.  Detection is just reporting.



  • 4.  RE: IDS: Valid Client Misassociation
    Best Answer

    MVP
    Posted Feb 18, 2016 05:41 AM

    Ok, so detection does just the reporting, but say we want to protect our clients from connecting to rogue access points and hence enable "Protect Valid Stations".

     

    http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-protect-valid-sta/td-p/2172

     

    So in our situation where we have students living right next to the campus in range of our Aruba APs we cannot enable Protect Valid Stations or we'd run the risk of 'protecting' those clients from their own home networks.

    Unless ofcourse we mark their home networks as valid/authorized which doesn't seem feasable to keep up to date either.

     



  • 5.  RE: IDS: Valid Client Misassociation

    EMPLOYEE
    Posted Feb 18, 2016 05:43 AM
    Correct.