Regular Contributor I

WIPS in non-aruba environment

Hi guys, I am doing a POC of WIPS where the customer has a Cisco wireless environment. My controller has only AMs deployed and I do have an RFProtect license. I am doing this without AirWave first.
I have an issue with the AP classification, where the classification is very inconsistent. My classification rule sets all SSIDs as neighbor and then the customer will re-set them manually to either valid or rogue, but my controller most of the time will put all SSIDs to interfering by default. I need to know what causes this.
Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite

Re: WIPS in non-aruba environment

What is your classification rule?

This is actually not simple. We would first need to know what you have configured, what commands your customer used to make changes and what APs have entered and left the area to know what exactly is going on. It would be hard to guess exactly what is going on.

Let's start with what you are testing and maybe we can take it from there.

Have you seen the rogue AP definitive guide? https://community.arubanetworks.com/aruba/attachments/aruba/ControllerBasedWLANs/47/2/PDFRogueAPGuide.pdf

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Regular Contributor I

Re: WIPS in non-aruba environment

Hi Colin,

The customer is a Cisco wireless user. They have no Aruba APs. I am testing the use of Aruba AMs to protect all their valid SSIDs and then terminate all other SSIDs.

The testing today wasn't so smooth: every SSID, whatever it was classified as (rogue, manual contain, valid, neighbor), always got terminated when I turned on the wireless termination. (Both tarpit and deauth-only gave me the same result.)

Currently my biggest problem is that my client gets terminated even when it is classified as either valid or neighbor.
Ricky E. Lee
CWNA | ACMP | ACCP
Guru Elite

Re: WIPS in non-aruba environment

Client classification should not really matter in your situation (rogue/valid). AP classification is what is important protect SSID. You need to make the AP BSSIDs Valid for what you are trying to do, and the client should not get terminated. In a 100% Aruba situation APs that terminate on the controller would automatically be labeled as valid.

Making a client Valid will not stop it from being deauthed or tarpitted if there is a rule preventing Valid Clients from connecting to an AP, really. Clients would be marked Valid automatically if they connected to an Aruba AP with encryption, but it does not apply in this circumstance.

Guru Elite

Re: WIPS in non-aruba environment

If you want an environment where connections are only allowed to your customer's SSIDs, use the configuration in the screenshot, where SSID1 and SSID2 are your customer's SSIDs:

misconfigured.png

Mark all of your customer's APs as Valid before you do this.

I need to let you know that in some countries there are strict rules against interrupting wifi traffic and your customer should get some legal advice about what they can and cannot do.

http://community.arubanetworks.com/t5/Wireless-Access/The-FCC-has-clarified-their-stance-on-wireless-containment-but/m-p/226286

Regular Contributor I

Re: WIPS in non-aruba environment

Hi Collin,

A few questions:

1. Do I not need to fill in that valid channel config?

2. If I put the valid SSID there, will the SSID be set to valid automatically (even if it is not Aruba's)?

3. In the screenshot below, I have all my SSIDs as Neighbor and Valid, but I still get a deauth containment message.

Capture.JPG

Here is my config:

Capture.JPG

Ricky E. Lee
CWNA | ACMP | ACCP
Regular Contributor I

Re: WIPS in non-aruba environment

Update: I have tested upgrading my controller to 6.5.1.9 and 6.5.4.3, but I am still seeing the same issue.

My valid and neighbor non-Aruba SSIDs still get deauth containment from the AM.

Is there additional config I might be missing? I have checked protect SSID and put all the valid SSIDs under protect valid.

Ricky E. Lee
CWNA | ACMP | ACCP