Wireless Access

Reply
Frequent Contributor I

Ignore Specific SNMP Traps/IDS Notifications

I'm not really sure if this belongs in the Airwave section or the Controllers section, so I'll try here first because Airwave is where I'm seeing the messages.

 

I'm getting SNMP/IDS Messages for specific traps I'd like to disable.  Specifically, notifications of Clients associating to Rogue APs.  While in some areas this is very useful, for my environment it just causes headaches.  We're a university that is surrounded by a lot of Apartment buildings to one side of our campus, and I'd like to disable this to clear out my Airwave RAPIDS logs.  Can someone direct me to where this is listed so I can disable these messages, and possibly other messages of this nature.  I can't seem to find this.  Thanks in advance.

Frequent Contributor I

Re: Ignore Specific SNMP Traps/IDS Notifications

I apologize, I guess I haven't had enough coffee this morning, but I finally found it.  For those that also want to do this, its located on the Controller.  I had to access Configuration -> All Profiles.  Then look at the IDS -> IDS Unauthorized Device Profile and remove the checkbox for Detect Station Association to Rogue AP.  I believe this will solve my problem.  I'm going to give it a while to propagate information.  

 

Thanks to anyone who decided to read this.

Guru Elite

Re: Ignore Specific SNMP Traps/IDS Notifications

You have two choices:

 

1 - Disable the Specific trap generation on the Aruba Controller, OR

2 - Uncheck the IDS option on the controller

 

To do #1, I looked at the document here:  http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=5719 to see what trap is being generated.  Based on your email it looks like the trap wlsxStaAssociatedToUnsecureAP.  I would then do this:

 

ruba3600) (config) #snmp-server trap disable ?
<name>                  trap name. A list of valid names can be found using 
                        the command show snmp trap-list

(Aruba3600) (config) #snmp-server trap disable wlsxStaAssociatedToUnsecureAP

 You would have to do this on each individual controller.

 

2.  You could then uncheck this parameter, in the IDS  Unauthorized Device profile of each AP-Group that you want to apply this to.  If every AP uses this profile, you would deal with your issue globally without having to disable traps for each controller:

 

rogue.png

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Ignore Specific SNMP Traps/IDS Notifications

Thanks!  Disabling globally was easiest for me as I'm using the default profle.  Thanks for the additional information on the CLI.

Moderator

Re: Ignore Specific SNMP Traps/IDS Notifications

To check the trap status on the controller:

# en

> show snmp trap-list

 

To disable the SNMP traps you don't want to see:

# conf t

# snmp-server trap disable (trap_name)

# snmp-server trap disable (trap_name_2)

ctrl+z

# write mem

 

To enable a trap:

# conf t

# snmp-server trap enable (trap_name)

# snmp-server trap enable (trap_name_2)

ctrl+z

# write mem

 

*Note: when enabling/disabling traps, it's 1 trap per entry line, there's no easy way to perform this in bulk.  I usually write the list out in notepad (without #s) and then copy / paste into SSH/telnet command line.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: