Wireless Access

Reply
MVP
Posts: 341
Registered: ‎04-25-2013

[WIP Issue] open SSID association

hi and happy new year.

I use the WIP Wizard to configure the wip (ids and ips) , but when done found that the users can’t associate with an open WLAN ( guest wlan) , and didn’t know way .

Any suggestion, any idea, any usefull document.

Thank you.

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 21,567
Registered: ‎03-29-2007

Re: [WIP Issue] open SSID association

rchahboune,

 

Change the configuration back to the default.  We do not have enough information to understand why it is not working.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 341
Registered: ‎04-25-2013

Re: [WIP Issue] open SSID association

yes,

i do that ( i disable the IPS and the IDS ), and when done the  the association to the OPEN SSID become possible.

 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite
Posts: 21,567
Registered: ‎03-29-2007

Re: [WIP Issue] open SSID association

Well,

 

That is your answer.  The problem is your settings.  IDS settings can block traffic from legitimate SSIDs, as well.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 341
Registered: ‎04-25-2013

Re: [WIP Issue] open SSID association

i configure a new WIP profile

do the following

 

IDS Configuration

high level

IPS configuration

High level

 when done , the asscotiation with the open (captive portal WLAN) become impossible , custumer can't connect to it, and when i disable the WIP (ids and ips off), the association with the open WLAN become possible and normal.

my question is what is the WIPS parameter that prevent the assocation with the open WLAN.

regards

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Contributor I
Posts: 26
Registered: ‎04-13-2009

Re: [WIP Issue] open SSID association

Please uncheck the following under IDS Unauthorized Device profile under the advance tab.

- Privacy
- Require WPA
MVP
Posts: 341
Registered: ‎04-25-2013

Re: [WIP Issue] open SSID association


wajih.anees@bell.ca wrote:
Please uncheck the following under IDS Unauthorized Device profile under the advance tab.

- Privacy
- Require WPA

thank you for the replay  i have uncheck Require WPA but not Privacy , i will do iit soon.

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: [WIP Issue] open SSID association

have you checked your logs, they might provide information on why clients are kicked off when WIPs is on, then you can disable those.

Guru Elite
Posts: 21,567
Registered: ‎03-29-2007

Re: [WIP Issue] open SSID association


rchahboune wrote:

i configure a new WIP profile

do the following

 

IDS Configuration

high level

IPS configuration

High level

 when done , the asscotiation with the open (captive portal WLAN) become impossible , custumer can't connect to it, and when i disable the WIP (ids and ips off), the association with the open WLAN become possible and normal.

my question is what is the WIPS parameter that prevent the assocation with the open WLAN.

regards


We need the exact WIP configration to understand what could be blocking the clients--there are MANY checkboxes that could be stopping clients from connecting.

 

Honestly, IDS/IPS  is typically not applied to an open SSID, because there are many attacks that could be done to users that do not have encryption enabled.  If the customer is serious about  protecting against attacks, they should first enable strong encryption.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 341
Registered: ‎04-25-2013

Re: [WIP Issue] open SSID association

hi cjoseph,

for the configuration i followed the WIPS wizard , and i configure the the ids and ips rule at the high level.

I use the IDS/IPS for some APGROUP that contain a VAP with strong encryption (WPA2 Entrerise) and  open SSID (Guest SSID with captive portal authentication).

when done the open ssid has become inaccessible.

 

 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Search Airheads
Showing results for 
Search instead for 
Did you mean: