I'm not sure how simple or complicated this is, but I am curious about the 'protect' class of checkboxes in regards to IDS on the Aruba controller. For example, we currently have 'detect adhoc networks' checked, but not 'protect from adhoc networks'. I seem alerts constantly in airwave that adhoc networks are detected, but what would the protect box actually do? Prevent devices from connecting to an adhoc network? Prevent an adhoc network from attaining and maintaining connections? Ideally, there is a database of valid users - there almost has to be, right? - that have already connected to my valid SSIDs. Does airwave only prevent THOSE devices from connecting to an adhoc network - when said adhoc network is within range of my valid SSIDs, of course - or does it prevent ANYONE from connecting to an adhoc network while in range? I would prefer the former, but I could live with the latter I guess. The same question/pondering/rambling goes for the other 'protect' boxes as well: does protect mean 'prevent connection'? It seems like if protecting does mean that the bad SSIDs/APs/BSSIDs cannot be connected to by my valid devices, then rogue mitigation becomes a purely hands-off process - once properly configured. Between the controller and airwave, I define valid APs, everything else, whether a neighbor, rogue, or even impersonator becomes irrelevant, since the controller and airwave will only allow devices to connect to valid APs, and kill any other connections. Even better is if the same combination let's other devices connect to them - i.e. they aren't contained, so the heart monitors in the hospital across the street can still connect to the hospital APs, but none of my devices can connect to the hospital APs.
Does that make sense?
Short version: Does checking the 'protect' boxes in the IDS configuration portion of the controller *prevent* my devices from connecting to the type of thing being protected from?
Thanks all,
Russell
