Home > Community > Technology > Wireless Access > Rogue access point

Wireless Access

Reply
Topic Options
harpo321
Contributor I
harpo321

Rogue access point

‎07-17-2012 04:00 AM

 

 Hi,

 

 we have a deployment with 250 access point and AOS-3.4.4.1 with rogue detection and containment.

We have an air monitor connected to the network in a trunk port to see all vlan´s.

I have some ssids and one of them is a guest network with a PSK . If I connect a wireless router as ap client to this network and redistribute the conection via ethernet port doing nat, the device is not detected as rogue.

It is detected as interfering because there is not a relationship between the wired and wireless mac in the same router.

How can I establish a relationship between both of them?

 

Thanks

Alert a Moderator
Message 1 of 5
2,055 Views
Reply
0 Kudos
Moderator
Moderator
Plane

Re: Rogue access point

‎07-23-2012 08:00 AM

Rogue APs are typically devices that are on your wired network and are rebroadcasting that without any security.  In this case the AP is simply a wireless bridge.  It is no different than a client associating to the AP and gathering data.  In this case how has the ap client gained access to the PSK to join the network?  That would be the real security issue to me.  Someone has broken your security mechanism and gained access to the network.  That ap client could just as easily be a real client that is pulling down data and storing it locally.  That would be a security risk as well.

Alert a Moderator
Message 2 of 5
2,031 Views
Reply
0 Kudos
harpo321
Contributor I
harpo321

Re: Rogue access point

‎08-02-2012 04:23 AM

Hi,

 

Really, this is a wireless bridge. The tittle is not correct.

Our institution have many users with guest psk access and the wireless bridge could be installed in any place into the campus.

Is there any procedure to solve this problem? The internal users are dangerous many times.

 

Thanks

 

 

 

Alert a Moderator
Message 3 of 5
2,018 Views
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cjoseph

Re: Rogue access point

‎08-02-2012 04:43 AM

I am not sure that we can tell that there is NATTED traffic behind a valid user.  If you are using a PSK to get on your network and someone has the PSK, they are authorized, along with the traffic behind them.  There is no real way to detect that.

Your big issue is that you cannot disable users individually, because you are using a shared PSK.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Alert a Moderator
Message 4 of 5
2,016 Views
Reply
0 Kudos
harpo321
Contributor I
harpo321

Re: Rogue access point

‎08-02-2012 05:51 AM

Ok, thanks for your answer.

But I thought the "detect wireless bridge" in IDS profile could detect it..

Alert a Moderator
Message 5 of 5
2,013 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium