06-19-2012 11:25 AM
I recommend turning on 'wired containment' and 'tarpit-all-sta' settings from an IPS standpoint. Neither is a default... but both have major value in enabling with two mouse clicks.
06-20-2012 01:34 PM
Do you have Airwave?
Most of the process for us has been about identifying what triggers we want to alert someone about starting in severity with rogues and working down to more common events. Have you gone through the RAPIDS best practices guide? It is available on your AMP in the documentation page.
If you don't have AMP, tweak your classification rules to make sure your events are relevant.
06-21-2012 10:27 PM
Yes, I do have AMP.
I can't locate the RAPIDS best practices guide. Which AMP documentation is it in? I've looked through "Aruba and Airwave 7.5 Best Practices Guide" and "Air Wave 7.5 User Guide". Could not find anything relating to RAPIDS best practices.