Wireless Access

Reply
MVP
Posts: 562
Registered: ‎11-28-2011

RAPs vs RFP

Hi All,

 

Probably one for the security junkies here. Been a while since I saw a customer buy a WIP(RFP) license!

 

Consider RAPs, and in this case, a customer has an RFP license obviously.

 

My theory here is that I want RFP on the campus (configure that in detail later), but NOT on their RAPs. This is obviously because we want to avoid detecting rogues in user homes, ad-hocs in user homes etc. That's not really any of our business what they're doing! So as far as I can see, the best way to achieve this is by applying an unauthorized-device-profile into the ap-group, that has everything turned off, thus...

 

ids unauthorized-device-profile "detection-disabled"
   no detect-windows-bridge
   no classification
   no overlay-classification
   no oui-classification
   no prop-wm-classification
   no detect-sta-assoc-to-rogue
   no detect-unencrypted-valid-client
   no detect-adhoc-using-valid-ssid
   no detect-valid-client-misassociation
!

 

Anybody care to suggest a flaw in this plan or thinking? Assume the corporate laptop at home is locked down by AD.

 

Cheers!

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba Employee
Posts: 31
Registered: ‎08-12-2011

Re: RAPs vs RFP

[ Edited ]

That would certainly work.

We would still detect Wi-Fi networks as Interfering (except the Ad-Hoc of course).

 

Good solution.

 

Cheers

 

Giles

 

MVP
Posts: 1,435
Registered: ‎10-25-2011

Re: RAPs vs RFP

Have you got Airwave? If so, you can ignore Rogues from remote-aps.

 

By disabling that profie, wouldn't it affect the ability to discover those IDS events at the campus level?


Unless you have a specific AP group for Campus and 1 for RAPS at which point you can configure a IDS profile for the campus and do what you suggested for the RAP AP Group

 

 

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
Showing results for 
Search instead for 
Did you mean: