Wireless Access

Reply
Occasional Contributor II
Posts: 17
Registered: ‎04-18-2017

WIPS on APs only

I have a network that has 1200 APs and 500 AMs. I can tarpit rogue SSIDS currently. I have a requirement from my customer that for the time being, we only want to tarpit rogues using the APs. Not the AMs.

 

I know this wont work well and that APs can only tarpit on the channel they are serving and all that. But this is what I have to do.

 

Is there a way in AMP or the controller, to specify to only allow APs to deauth and tarpit rogues?

 

 

Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: WIPS on APs only

You only configure your IDS tarpitting policies in AP groups that have access point Rd, not air monitors. As an aside, tarpitting is meant to require very few resources, so it does not matter. If anything a user would want their AMs to do ids/IPS. Lastly, customers need to be careful and consult their own legal authority to understand how they can and cannot deploy IDS/IPS within their own environments: http://community.arubanetworks.com/t5/Wireless-Access/The-FCC-has-clarified-their-stance-on-wireless-containment-but/m-p/226342#M46143


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Highlighted
Occasional Contributor II
Posts: 17
Registered: ‎04-18-2017

Re: WIPS on APs only

AH! So in my AM groups just set them to none?

Search Airheads
Showing results for 
Search instead for 
Did you mean: