Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

dropped basic rates and rogue containment

This thread has been viewed 1 times

  • 1.  dropped basic rates and rogue containment

    MVP
    Posted Aug 19, 2014 06:18 AM

    A customer came up with a very good question.

     

    What happens when we have 'optimized' their SSIDs by dropping lower speeds etc.

    However we're also trying to contain rogues using deauth and tarpatting.


    Does this work together? If the rogue has default basic rates will we be able to contain them? And (while probably not that important for actual rogues) will our tarpits accept traffic at any speed?

     

    Related.. we're seeing ALOT of neighbours show up as rogues. Why is this? Were using the controllers default rules. Shouldn't he see the rogue on both wlan and lan before it marks it as rogue? 

     



  • 2.  RE: dropped basic rates and rogue containment
    Best Answer

    EMPLOYEE
    Posted Aug 19, 2014 06:28 AM

    Deauths and Tarpitting are not related to the rates that are cut on broadcasted SSIDs.  It should work.  If you are really serious about Rogue APs, an AM should be deployed.

     

    With regards to the rogues, you should find out why they are marked as rogues:

     

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-605

     

     



  • 3.  RE: dropped basic rates and rogue containment

    MVP
    Posted Aug 19, 2014 06:45 AM

    that how-to starts from a testing point.. 

    I am sure these rogues are NOT on our wired network.. so how did it get classified as a rogue?

    The "show ap monitor debug status ip-addr <am-ip> " command in that how-to does not give anything that looks like the rogue?



  • 4.  RE: dropped basic rates and rogue containment

    EMPLOYEE
    Posted Aug 19, 2014 06:47 AM

    Try show wms rogue-ap <bssid>

     

     

    https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Difference-between-suspected-rogue-and-Rogue-AP



  • 5.  RE: dropped basic rates and rogue containment
    Best Answer

    MVP
    Posted Aug 19, 2014 07:53 AM

    show wms rogue-ap 54:3d:37:28:46:c8

    Rogue AP Info
    -------------
    Key Value
    --- -----
    BSSID 54:3d:37:28:46:c8
    SSID Radisson_Guest
    Channel 1
    Type generic-ap
    RAP Type rogue
    Status up
    Match Type Classification-Disabled
    Match MAC 00:00:00:00:00:00
    Match IP 0.0.0.0
    Match AM our-ap
    Match Method N/A
    Match Time Tue Aug 19 12:40:04 2014

     

    That classification-disabled was our problem. We apparently had the "ids-transitional-disabled" profile active on a few ap-groups. Have now changed this so all ap-groups are doing classification and we're no longer being spammed with new rogues.

     

    Oh, and for those trying to troubleshoot rogue classification aswell.. check out this document.. it may be old but stil very usefull!

    http://community.arubanetworks.com/aruba/attachments/aruba/ControllerBasedWLANs/47/2/PDFRogueAPGuide.pdf

     



  • 6.  RE: dropped basic rates and rogue containment

    EMPLOYEE
    Posted Aug 19, 2014 06:50 AM
    It shouldn't matter since your air monitors won't have any SSIDs configured, it should be able to contain without issue.