You mean Arm mode aware...
Let me explain you what it does...
The Arm mode aware convert a normal AP where there is too much coverage.... not where it see too much interference...
You need full coverage with Air monitor over your deployment.... otherwise you would want to tarpid an ap and you wont be able...
That said
First you can do L3 Rogue detection throught he controller o through the APS
Ill explain you how you do it through the controller with an example
Let say in your company you have vlan 5,6,7.8
vlan 5= servers
Vlan 6=Sales
Vlan 7=IT
vlan 8 = accounting
You will need to trunk the vlans you want to monitor
Now which vlans you would liek to monitor? how do you decide that? well normally the vlans in which normal people has access for example in my example you would monitor vlan 6 vlan 7 and vlan 8 in which normal people can plug in a linksys for example.
you wont monitor vlan 5 becasue well those ports would be hard access to normal people
Now you know which vlans you want to turnk well then you trunk them to the controller
After that you will have to create those vlans on the controller and trunk them back to the switch
After that you need to turn on the L3 rogue detection on the controller with this command
Aruba#(Config) wms general learn-system-wired-macs enable
Then to verify its on
Aruba#show wms general
Then you will have to wait for a coulpe of minuts and if you got APS connected which are not valid he will detect them as rogue ap becasues he will be able to see the mac through the wired(as you are mointoring the vlans) and trhough the air through the BSSID
now let say you plugged in a lynksys to test...
you should see that lynks on the dashboard
you can also check it on the CLI
With
Aruba# show wms wired-mac system-wired-mac
Now in the IPS /IDS configuration you have to put to contain automatically rogue APS
Then he wil automatically contain that linksys you will notice you wont be able to connect to it
When you configuring the IPS/IDS profile
Did you already configured it?
Well if you did you as personal opinion(aruba guys can advise you better there than me) but as a personal option i turn off the automatically contain a suspect rogue AP as like i said it could be a neighbor..
You should be sure what you are configuring in your IDS IPS profile or weird things will happen... like you wont be able to connect to your guest network or like i said your neighbors wont be able to connect to their OWN aps.... which is no good...