Wireless Access

MVP
Posts: 754
Registered: ‎03-25-2009

IDS: Valid Client Misassociation

Detecting a Valid Client Misassociation

This feature does not detect attacks, but rather it monitors authorized (valid) wireless clients and their association within the network. Valid client misassociation is potentially dangerous to network security. The four types of misassociation that we monitor are:

 Authorized Client associated to Rogue—A valid client that is associated to a rogue AP
 Authorized Client associated to External AP—An external AP, in this context, is any AP that is not valid and not a rogue
 Authorized Client associated to Honeypot AP—A honeypot is an AP that is not valid but is using an SSID that has been designated as valid/protected
 Authorized Client in ad hoc connection mode—A valid client that has joined an ad hoc network

 

 

This does the detection of all those 4 misassociations at the same time apparently.

So what happens when, say, a student normally connecting to the school's network now connects to his personal WLAN in his dormitory (which is close enough to be detected by the school's APs)? Will the school's APs and AMs now start deauthing that user from his own AP?

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP
Posts: 754
Registered: ‎03-25-2009

Re: IDS: Valid Client Misassociation

Anyone?

Koen (ACMX #351 | ACDX #547 | ACCP)

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: IDS: Valid Client Misassociation

No.  Detection and Protection are two different things.  Detection is just reporting.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
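
The four categories quoted in the first post, and the detection-only behaviour described in the answer above, as an added example that is not part of the thread and not Aruba's code. The SSIDs, MAC addresses, AP classification table and the order in which the categories are checked are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumptions, not values from the thread).
PROTECTED_SSIDS = {"campus-secure"}            # SSIDs designated valid/protected
AP_CLASS = {"aa:aa:aa:00:00:01": "valid",      # BSSID -> AP classification
            "bb:bb:bb:00:00:02": "rogue"}      # unlisted BSSIDs: not valid, not rogue

@dataclass
class Association:
    client: str              # MAC of a client already classified as valid
    ssid: str
    bssid: Optional[str] = None
    adhoc: bool = False

def classify(a: Association) -> Optional[str]:
    """Return the misassociation type, or None for a normal association."""
    if a.adhoc:
        return "adhoc"
    ap = AP_CLASS.get(a.bssid, "unclassified")
    if ap == "valid":
        return None
    if ap == "rogue":
        return "rogue"
    # Not valid and not rogue: honeypot if it advertises a protected SSID,
    # otherwise external. Checking rogue first is this example's assumption.
    return "honeypot" if a.ssid in PROTECTED_SSIDS else "external"

def detect(observations):
    """Detection only: build report records; no frame is sent to any client."""
    return [(a.client, kind, a.ssid)
            for a in observations
            if (kind := classify(a)) is not None]

SAMPLE = [  # constructed observations
    Association("02:00:00:00:00:10", "campus-secure", "aa:aa:aa:00:00:01"),
    Association("02:00:00:00:00:11", "free-wifi", "bb:bb:bb:00:00:02"),
    Association("02:00:00:00:00:12", "campus-secure", "cc:cc:cc:00:00:03"),
    Association("02:00:00:00:00:13", "dorm-home", "dd:dd:dd:00:00:04"),
    Association("02:00:00:00:00:14", "p2p-share", adhoc=True),
]

if __name__ == "__main__":
    for client, kind, ssid in detect(SAMPLE):
        print(f"report: {client} misassociation={kind} ssid={ssid}")
```

The `dorm-home` record is the student case from the question: it is reported as an external-AP misassociation and nothing else happens to the client.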

MVP
Posts: 754
Registered: ‎03-25-2009

Re: IDS: Valid Client Misassociation


Ok, so detection does just the reporting, but say we want to protect our clients from connecting to rogue access points and hence enable "Protect Valid Stations".

 

http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-protect-valid-sta/td-p/2172

 

So in our situation where we have students living right next to the campus in range of our Aruba APs we cannot enable Protect Valid Stations or we'd run the risk of 'protecting' those clients from their own home networks.

Unless of course we mark their home networks as valid/authorized, which doesn't seem feasible to keep up to date either.

 

Koen (ACMX #351 | ACDX #547 | ACCP)

Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: IDS: Valid Client Misassociation

Correct.


Colin Joseph
Aruba Customer Engineering

