Wireless Access

Reply
Occasional Contributor II

Same device in Multiple Device Groups

Hi,

 

      On the deployment as depicted below (Note WLC is deployed in H-REAP mode):

      Data Center            |              Branch Location-1
                                        |
  Cisco WLC ------------|---------Router----Switch-------AP
   |                                   |
  AMP                             |

                                       |             Branch Location-2

                                      |

                                       | --------Router----Switch-------AP

 

    If I need to configure 2 device group one for each branch location can I put WLC in both the device group in the Airwave Configuration. Or what is the suggested configuration for these type of deployments.

 

Thanks,

Tuhin

Moderator

Re: Same device in Multiple Device Groups

I'd suggest having a 3rd group where the WLC resides.  In the end, you'd have 3 groups.

WLC

Branch 1

Branch 2

 

You should not add a device into AMP twice as this will cause database issues.  (AMP expects unique IP and MAC addresses for devices).


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor II

Re: Same device in Multiple Device Groups

Hi Rob,

 

               Thanks for the reply. One of the requirement I have for this deployment was Rogue AP detection.

               I have a question on this, once the AMP gets the 'Wireless AP Scan' data from WLC. Now since WLC and other devices are in different groups, will AMP be able to find the right set to devices which need to be polled for 'Wired Correlation'.

Thanks,
Tuhin

Moderator

Re: Same device in Multiple Device Groups

All devices are polled periodically.  The ordering of the wired/wireless scans doesn't matter.  Correlation happens when RAPIDS sees that it has 2 events within a set time period (designated in RAPIDS -> Setup).  The only thing that matters for RAPIDS is the RAPIDS -> Rules.  The rules are processed from the top down, and stops once it finds a rule that applies.  The general recommendation is to begin with the most specific rules, and then work your way to the broad catch-all rules.  These rules are different for every deployment depending on which rogues are more important.

 

For example: to several customers, a rogue found on the wired and wireless is the most important.  For other customers, a rogue that's heard wirelessly by at least 3 APs with a signal strength of -60 (or stronger) is a more severe rogue.  Typically, the rules for specific known rogues should be made first, then rules for specific valid internal devices, and then after that you go into the more general rules.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: