Home > Community > Technology > Wireless Access > Re: L3 rogue detection

Wireless Access

Reply
Topic Options
MVP MVP
MVP
cdelarosa

L3 rogue detection

‎03-02-2012 05:06 PM

Okay i got a few question regard to this

1- I dont need an Air monitor ap to use this... i just can use it with any ap?

2-You just need to trunk all vlans that i want to be checked to one AP?

3-If  i just need to trunk it to just one AP, it is recomended to trunk it to at leas 2? just in case one goes down?

4-If i just trunk all the vlans to one AP, let say im a big company and i got  A LOT of vlans... is not recommened to trunk all vlans to one AP? or this just doesnt matter?

 

 

Any good practice using this is welcome if any of you can mention them.

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Alert a Moderator
Message 1 of 28
4,208 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: L3 rogue detection

‎03-03-2012 03:40 AM - edited ‎03-03-2012 03:41 AM

NightShade1 wrote:

Okay i got a few question regard to this

1- I dont need an Air monitor ap to use this... i just can use it with any ap?

2-You just need to trunk all vlans that i want to be checked to one AP?

3-If  i just need to trunk it to just one AP, it is recomended to trunk it to at leas 2? just in case one goes down?

4-If i just trunk all the vlans to one AP, let say im a big company and i got  A LOT of vlans... is not recommened to trunk all vlans to one AP? or this just doesnt matter?

 

 

Any good practice using this is welcome if any of you can mention them.

 

 

1.  You can use an AP for detection, but an Air Monitor is much more effective.

2.  Yes.

3.  Yes, but the controller will also collect macs on any VLAN that is trunked to (System-Wired-MAC).  That is  a better approach.  

4.  Please see comment #3

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 2 of 28
4,196 Views
Reply
MVP MVP
MVP
cdelarosa

Re: L3 rogue detection

‎03-03-2012 09:02 AM

Hello Cjoseph

thanks for asnwering my tread

 

So in this case i would be able to trunk all the vlans to the Wireless controller INSTEAD of any AP, and it will still collect the mac address?

 

If that true then i ask you something

1-On the switch that the WC is plugged i trunk all the vlans to the WC

2-On the WC do i have to configure the vlans and also trunk back even if i dont use them? or its like the AP in which i had to do nothing? on the AP i just trunk the vlans to it and thats it... but i dont trunk anything back, could you please clarify me this one for me cjoseph

 

Thanks

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Alert a Moderator
Message 3 of 28
4,190 Views
Reply
0 Kudos
Highlighted
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: L3 rogue detection

‎03-03-2012 01:41 PM

It just has to be trunked to the controller.  To turn on wired mac learning:

 

#config t wms general learn-system-wired-macs enable

 To see what macs the controller has learned:

 

show wms wired-mac system-wired-mac

 To know if it is even on or not:

show wms general


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 4 of 28
4,181 Views
Reply
MVP MVP
MVP
cdelarosa

Re: L3 rogue detection

‎03-03-2012 02:00 PM

Thank you very much cjoseph

 

just one last quesiton

If you had APs on air monitor and you could just turn on this

Which one you would pick?  any of those are okay ? one is not better than the other or at least less recommended?

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Alert a Moderator
Message 5 of 28
4,178 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: L3 rogue detection

‎03-03-2012 02:02 PM

A combination is best.

 

There is always one remote VLAN that you cannot physically trunk to the controller.  You would put an AP on that trunk.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 6 of 28
4,176 Views
Reply
MVP MVP
MVP
cdelarosa

Re: L3 rogue detection

‎03-03-2012 02:05 PM

This is true this is true.... i got one scenario exactly just like that.

 

Thanks you very much cjoseph!!!

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Alert a Moderator
Message 7 of 28
4,174 Views
Reply
0 Kudos
Frequent Contributor I
FlorianKueck

Re: L3 rogue detection

‎03-27-2012 02:34 AM

Are the learned mac address shown in the gui?

 

My Controller detects a few rouge aps but i did not get the information about the wired mac.

The controller marks an AP as rouge if it is seen on wireless an wired side of the network, correct?

Alert a Moderator
Message 8 of 28
4,131 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: L3 rogue detection

‎03-27-2012 02:37 AM

"show wms rogue-ap <wireless mac of ap>" will say how it was discovered.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 9 of 28
4,129 Views
Reply
0 Kudos
Frequent Contributor I
FlorianKueck

Re: L3 rogue detection

‎03-27-2012 02:44 AM

There is no way to see it on the dashboard?

 

Where is the information how it wa discovered? I'n not shure if it is really a rogue ap or an interfering.

 

Rogue AP Info
-------------
Key           Value
---           -----
BSSID         00:11:XX:XX:XX
SSID          FRITZ!BoxFon WLAN 7170
Channel       12
Type          generic-ap
RAP Type      rogue
Status        up
Match Type    Eth-GW-Wired-Mac
Match MAC     00:a0:c5:XX:XX:XX
Match IP      0.0.0.0
Match AM      OAP-ZV0XX
Match Method  Exact-Match
Match Time    Tue Mar 27 09:09:50 2012

Alert a Moderator
Message 10 of 28
4,126 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium