Controllerless Networks

last person joined: yesterday 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

IDS/IPS to block a Rouge SSID

This thread has been viewed 14 times
  • 1.  IDS/IPS to block a Rouge SSID

    Posted Mar 13, 2021 04:37 AM

    We have activated some IDS and IPS rules in our network (80 Virtual Cotrollers of IAP 305) manage by Aruba Central.

    But we want to detect SSIDs that contains some words of our SSIDs or are the same, but we don´t know how to do this.

    In the documentation don´t see anything. I think it was possible with controllers and applying some rules. 

    Any suggestion to do with Central?

    Thank you in advance.


    Javier Palomo

  • 2.  RE: IDS/IPS to block a Rouge SSID

    Posted Mar 15, 2021 02:19 PM
    RAPIDS with Instant and Central currently doesn't allow you to build custom classification rules (that you perhaps know from AirWave).
    It is using the built-in IDS scans of the IAPs only.

    To some degree, these rules should detect APs broadcasting the same SSID as well (as it is classified as a potential rogue AP) but you cannot customize the exact rules.

    Check out the Aruba Innovation Zone and consider raising this as an idea if this doesn't exist already in some shape or form:

    Please also consider that containment measures might violate some local regulations. Before using any containment functionality, ensure that your intended use is allowed under the applicable rules, regulations, and policies.

  • 3.  RE: IDS/IPS to block a Rouge SSID

    Posted Mar 15, 2021 03:47 PM
    Thank you very much Oliver. I´ll post my idea.

    Best Regards.

    Javier Palomo