Wireless Access

Reply
Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Turn off rouge detection

Is it possible to turn off rouge detection? If so is it a global setting or can you turn it on or off per AP group?

MVP
Posts: 4,228
Registered: ‎07-20-2011

Re: Turn off rouge detection

[ Edited ]

 

 

It is under the IDS settings in the AP-Group

 

(controller) #show  ids ?
ap-classification-rule  IDS AP Classification Rule profile
ap-rule-matching        Show the IDS Active AP Rules Profile
dos-profile             Show an IDS Denial Of Service Profile
general-profile         Show an IDS General Profile
impersonation-profile   Show an IDS Impersonation Profile
management-profile      Show the IDS WMS Management Profile
profile                 Show an IDS Profile
rap-wml-server-profile  Show an IDS RAP WML Server Profile
rap-wml-table-profile   Show an IDS RAP WML Table Profile
rate-thresholds-profi.. Show an IDS Rate Thresholds Profile
signature-matching-pr.. Show an IDS Signature Matching Profile
signature-profile       Show an IDS Signature Profile
unauthorized-device-p.. Show an IDS Unauthorized Device Profile
wms-general-profile     Show the IDS WMS General Profile
wms-local-system-prof.. Show the IDS WMS Local System Profile

 

AP Group_2013-09-20_09-07-57.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Moderator
Posts: 1,252
Registered: ‎10-16-2008

Re: Turn off rouge detection

Did you mean in general or just from being displayed?  If you're referring to rogues in AMP, you can hide the RAPIDS tab by toggling the AMP Setup -> General tab -> AMP features box -> Display RAPIDS = No.  If you do so, you would also want to delete any trigger/alerts that are based on RAPIDS along with any reports since RAPIDS will still process in the background.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Re: Turn off rouge detection

The client doesn't have Airwave (Yet). I'm looking to turn off rogue detection on a particular AP group so that it doesn't show up on the Dashboard>Security section.

 

The rest of the groups I still want to continue to find rogue AP's.

 

I made the following changes on the group but hasn't seemed to help. (unchecked them)

 

 

 

 

 

Guru Elite
Posts: 20,799
Registered: ‎03-29-2007

Re: Turn off rouge detection


Jaasperff wrote:

The client doesn't have Airwave (Yet). I'm looking to turn off rogue detection on a particular AP group so that it doesn't show up on the Dashboard>Security section.

 

The rest of the groups I still want to continue to find rogue AP's.

 

I made the following changes on the group but hasn't seemed to help. (unchecked them)

 

 

 

 

 


Jaasperf,

 

Two things:

 

In 6.2 and above, the "Learn AP" parameter has been moved from the IDS profile, which is a per-ap-group parameter, to WMS general, which is a  parameter that "Learns" or marks access points as Valid until you can shape your IDS/IPS policy.  In 6.1.x, it used to be in the IDS profile, so you could "Learn" or mark all foreign access points discovered in that AP-group as valid.  In addition, if you uncheck "Rogue Classification" it will mark ALL access points as rogues, so you want that checked so that it does not exacerbate your problem:

 

classification.PNG

 

Here is the parameter to enable Learning, so that new external access points are not classified as rogues:

learn.PNG

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 231
Registered: ‎05-04-2011

Re: Turn off rouge detection

Collin,

 

Thanks for the reply on this.

 

Customer is on 6.2.1.2

 

They are looking to turn off all detection on a particular AP group because that office is located in a strip mall and constantly has new SSID being brought up and taken down. They definately want to keep rogue detection on for their other campus locations.

 

So tell me if I"m wrong here but from what I you stated that is no longer possible on a "per AP group" on the 6.2.X.X. 

 

Customer will most likely be moving to 6.3.X.X after we implement CPPM in a few months. Do you if it will be possible then?

 

 

 

 

 

 

Guru Elite
Posts: 20,799
Registered: ‎03-29-2007

Re: Turn off rouge detection


Jaasperff wrote:

Collin,

 

Thanks for the reply on this.

 

Customer is on 6.2.1.2

 

They are looking to turn off all detection on a particular AP group because that office is located in a strip mall and constantly has new SSID being brought up and taken down. They definately want to keep rogue detection on for their other campus locations.

 

So tell me if I"m wrong here but from what I you stated that is no longer possible on a "per AP group" on the 6.2.X.X. 

 

Customer will most likely be moving to 6.3.X.X after we implement CPPM in a few months. Do you if it will be possible then?

 

 

 

 

 

 


Jaasperf,

 

Suggestions:

 

It is no longer possible to do AP learning per ap-group and there are no plans to  bring that back.

The controller will ALWAYS report rogues that are BOTH on the wired AND wireless network of the access points at that location.  Are there other access points on the wired network that need to be ignored there?  Are there other access points that are being reported as rogues and are not?

You can use the WIP wizard to create a rogue classification rule so that access points that are seen to something harmless like neighbor.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 509
Registered: ‎05-11-2011

Re: Turn off rouge detection

Hey Jaasper, what did you end up doing here? We have the same "issue" for all our RAP's. It's really just clogging up the Rogue AP list since most of our employees have the RAP in addition to one or two private wifi-routers. Adding them automatically to Neighbour sounds like a good idea..


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: