Wireless Access

Reply
Contributor I
Posts: 80
Registered: ‎04-29-2013

Rogue containment

We are trying to test our rogue containment with airwave and can't seem to block the SSID. We have a phone being used as a hotspot. Airwave detects it, and I go into Airwave and set it's classification as a contained rogue. I also go into the controller and set it as contain manually, and marked to contain 'yes' - we do not have offloading turned on. I have wireless containment set to 'tarpit-non-valid-sta'. What am I missing here?

Thanks,

Russell

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Rogue containment

Hi,

 

Did you configure the following in RAPIDS ?

 

1. manage rogue containment set to yes?

2. manage rogue ap containment in monitor only mode is also allowed ?

 

As a good practice, remove " contain manually " in the controller coz, Airwave will send the instruction to the Controller if it finds a rouge .

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Contributor I
Posts: 80
Registered: ‎04-29-2013

Re: Rogue containment

both are set to yes.

 

Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: Rogue containment

M
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: Rogue containment

Be aware of local laws which may prevent this kind of setup.
Occasional Contributor I
Posts: 7
Registered: ‎06-18-2015

Re: Rogue containment

How does the Controller treat a hotspot we mark to contain, if I manually contain it?

 

Note:  We only use Airwave for reporting.. so I don't think Airwave will help us here.

 

Does the Crontroller treat anything differently depending how it is labeled, if it is 'not' marked to contain?

I.E. rogue vs suspected rogue vs Interfering vs Neighbor vs Valid

Guru Elite
Posts: 20,762
Registered: ‎03-29-2007

Re: Rogue containment

If you mark to contain, the controller will actively send out deauths whenever a device tries to associate to it.

If it is just marked rogue, there are settings that say what the controller will do if it sees a rogue device.  It could just report it, or send out deauths.  Please see the guide here:  Aruba_WIP_Technology_Guide_v1.pdf ‏369 KB



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2015

Re: Rogue containment

The guide seems to approach it from the Airwave perspective.

 

Where do I see these settings on the confroller?

7240

Guru Elite
Posts: 20,762
Registered: ‎03-29-2007

Re: Rogue containment

That would be wired or wireless containment  in the IDS profile: http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ids_general_profile.htm?Highlight=containment



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎06-18-2015

Re: Rogue containment

When containing a rogue, how are the sorrounding valid SSID/users treated?  Are they left untouched, or will the de-auth affect them as well?

Search Airheads
Showing results for 
Search instead for 
Did you mean: