05-12-2015 01:15 PM
Hi Airheads Experts!
I need some help regarding RFProtect.
Earlier I found an Aruba documentation where compare what can the .ac and .n capable APs detect and what can't, so my quiestion is what kind of threats the .n APs doesn't provide protection. Now I can't find this document. So I need some help what is the exactly risk if I use .n APs for AM instead of .ac.
Thank you in advance for your reply!
05-13-2015 05:06 AM
You wouldn't be able to listen to 11ac modulated communication (256 QAM and 80 MHz channels) with 11n Air Monitors.
For 11ac devices to be backwards compatible, the management frames like beacons will go out at 20 MHz. That way non-11ac clients can detect the AP and connect to them. This means that legacy a/b/g/n APs can also wirelessly detect rogue 11ac access points. But the legacy APs won’t necessarily have visibility into the data come out of a rogue 11ac AP.
If the rogue is communicating with an 11ac client, the data frames may have a channel that is too wide, or a modulation that the legacy AP cannot decode. That means legacy APs is unable to always determine if a client is associated to the rogue. That detection is critical for more advanced features such as wireless containment and wired rogue detection. If an AP can’t hear the client on the rogue, then it cannot contain it.
Wired rogue detection is based on looking at the source MAC address of frames coming out of the rogue AP. Those are the data frames. With an 11ac rogue and an 11ac client, they may not be visible to 11a/b/g/n devices. If a legacy client connects to the 11ac rogue, then it can be detected by the legacy AP since the legacy radio can understand the traffic.
Because of these limitations, an 11ac overlay or 11ac network is recommended for high security customers. 11ac is required to make sure that all potential threats are detected.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
05-18-2015 08:08 AM
I found an old description but there are some useful thought too.