12-17-2014 12:56 AM
We have a huge setup of Aruba across with different controllers and APs. We keep seeing to many Rogues and suspected Rogues in Airwave based on the classification rules in RAPIDS. All our controllers are 184.108.40.206 and above. We are not using RF protect license.
My questions are:
How do I contain these rogue APs? is it possible without RF protect license to contain in anyway these Rogues?
If we purchase RF protect license will we be able to contain rogues without dedicated AMs? will the IDS profile settings apply without the WIPS license?
Appreciate your suggestions, this is becoming a concern for us.
12-17-2014 03:55 AM
12-17-2014 05:30 AM
Without RF protect license we can detect the rogues and we can do basic containment but inorder to define customised rogue classification rules and other containment methods RF protect license is mandatory
Rogue detection and containment can be done without a dedicated AM also.
For ref :
Bellow is the snapshot of a controller without RF protect license.
Here under we can list all the rogues classified by the controller and we can contain mannually.
Hope got more clarity on this,
Please feel free for any further assistance on this.
[Is my post helped you ? Give Kudos :) ]
12-17-2014 09:28 PM - edited 12-17-2014 09:32 PM
Yes, that is what I understand as a rogue. In Airwave RAPIDS we have setup Rule for rogue classification which has LAN and WLAN for detection. By contain I mean I want to stop the device from connecting on our network.
On the controller if i select a AP classified as Rogue and manually contain it, what happens to the Rogue? even without WIPS are deauth frames sent to the Rogue AP? will it stop the Rogue getting on the network?
Thank you guys for your time and suggestions.