Wireless Access

Occasional Contributor II
Posts: 13
Registered: ‎10-28-2014

Rogue APs and RFprotect

Hi,

We have a huge Aruba setup across different controllers and APs. We keep seeing too many rogues and suspected rogues in Airwave based on the classification rules in RAPIDS. All our controllers are 6.3.1.5 and above. We are not using the RFProtect license.

My questions are:

How do I contain these rogue APs? Is it possible to contain these rogues in any way without the RFProtect license?

If we purchase the RFProtect license, will we be able to contain rogues without dedicated AMs? Will the IDS profile settings apply without the WIPS license?

Appreciate your suggestions; this is becoming a concern for us.

Thanks

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Rogue APs and RFprotect

Can you define contain for us?

Rogue is often an overused term. A rogue is only one that is plugged into your network and is the only one you can legally take action on.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Rogue APs and RFprotect

Hi,

Without the RFProtect license we can detect the rogues and do basic containment, but in order to define customised rogue classification rules and other containment methods the RFProtect license is mandatory.

Rogue detection and containment can also be done without a dedicated AM.

For reference:

Below is the snapshot of a controller without the RFProtect license.

Here we can list all the rogues classified by the controller and contain them manually.

[Image: Rogue1.JPG]

Hope you got more clarity on this.

Please feel free to ask for any further assistance on this.

Cheers,
Venu Puduchery,
Occasional Contributor II
Posts: 13
Registered: ‎10-28-2014

Re: Rogue APs and RFprotect

Hi,

Yes, that is what I understand as a rogue. In Airwave RAPIDS we have set up a rule for rogue classification which has LAN and WLAN for detection. By contain I mean I want to stop the device from connecting to our network.

On the controller, if I select an AP classified as rogue and manually contain it, what happens to the rogue? Even without WIPS, are deauth frames sent to the rogue AP? Will it stop the rogue getting on the network?

Thank you guys for your time and suggestions.

Regards,

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Rogue APs and RFprotect

You would need to physically disconnect the device or shut the switchport down.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480