Wireless Access

Reply
MVP
Posts: 777
Registered: ‎03-25-2009

dropped basic rates and rogue containment

A customer came up with a very good question.

 

What happens when we have 'optimized' their SSIDs by dropping lower speeds etc.

However we're also trying to contain rogues using deauth and tarpatting.


Does this work together? If the rogue has default basic rates will we be able to contain them? And (while probably not that important for actual rogues) will our tarpits accept traffic at any speed?

 

Related.. we're seeing ALOT of neighbours show up as rogues. Why is this? Were using the controllers default rules. Shouldn't he see the rogue on both wlan and lan before it marks it as rogue? 

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: dropped basic rates and rogue containment

Deauths and Tarpitting are not related to the rates that are cut on broadcasted SSIDs.  It should work.  If you are really serious about Rogue APs, an AM should be deployed.

 

With regards to the rogues, you should find out why they are marked as rogues:

 

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-605

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 777
Registered: ‎03-25-2009

Re: dropped basic rates and rogue containment

that how-to starts from a testing point.. 

I am sure these rogues are NOT on our wired network.. so how did it get classified as a rogue?

The "show ap monitor debug status ip-addr <am-ip> " command in that how-to does not give anything that looks like the rogue?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: dropped basic rates and rogue containment

Try show wms rogue-ap <bssid>

 

 

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Difference-between-suspected-rogue-and-Rogue-AP



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 8,643
Registered: ‎09-08-2010

Re: dropped basic rates and rogue containment

It shouldn't matter since your air monitors won't have any SSIDs configured, it should be able to contain without issue.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 777
Registered: ‎03-25-2009

Re: dropped basic rates and rogue containment

[ Edited ]

show wms rogue-ap 54:3d:37:28:46:c8

Rogue AP Info
-------------
Key Value
--- -----
BSSID 54:3d:37:28:46:c8
SSID Radisson_Guest
Channel 1
Type generic-ap
RAP Type rogue
Status up
Match Type Classification-Disabled
Match MAC 00:00:00:00:00:00
Match IP 0.0.0.0
Match AM our-ap
Match Method N/A
Match Time Tue Aug 19 12:40:04 2014

 

That classification-disabled was our problem. We apparently had the "ids-transitional-disabled" profile active on a few ap-groups. Have now changed this so all ap-groups are doing classification and we're no longer being spammed with new rogues.

 

Oh, and for those trying to troubleshoot rogue classification aswell.. check out this document.. it may be old but stil very usefull!

http://community.arubanetworks.com/aruba/attachments/aruba/ControllerBasedWLANs/47/2/PDFRogueAPGuide.pdf

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: