11-01-2012 07:32 AM
We're ready to implement rogue containment and have been trying to get some best practice or experience based recommendations for containing rogues, while maintaining maximum performance for the legitimate users.
We have APs and AMs installed and are offloading rogue classification to WMS.
Since we have AMs, should we enable containment just on the AMS and leave the APs just doing scanning.
Or would we have the AMs contain on all channels, but make sure the APs are client aware so they don't go off channel to contain.
What about deauth vs. tarpitting. Would we tarpit on the APs and deauth on the AMs (i assume that the AMs wouldn't be able to tarpit since they can't terminate any client connections)
Any recommendations wuold be appreciated.