RAPIDS with Instant and Central currently doesn't allow you to build custom classification rules (that you perhaps know from AirWave).
It is using the built-in IDS scans of the IAPs only.
https://help.central.arubanetworks.com/latest/documentation/online_help/content/access-points/rogue-ap-mgmt/intrusion-detection.htm
https://help.central.arubanetworks.com/latest/documentation/online_help/content/access-points/rogue-ap-mgmt/conf_ids_params.htm
To some degree, these rules should detect APs broadcasting the same SSID as well (as it is classified as a potential rogue AP) but you cannot customize the exact rules.
Check out the Aruba Innovation Zone and consider raising this as an idea if this doesn't exist already in some shape or form:
https://innovate.arubanetworks.com/ideas
Please also consider that containment measures might violate some local regulations. Before using any containment functionality, ensure that your intended use is allowed under the applicable rules, regulations, and policies.
Original Message:
Sent: Mar 13, 2021 04:36 AM
From: Javier Palomo
Subject: IDS/IPS to block a Rogue SSID
Hi.
We have activated some IDS and IPS rules in our network (80 Virtual Controllers of IAP 305) managed by Aruba Central.
But we want to detect SSIDs that contain some words of our SSIDs or are the same, but we don't know how to do this.
In the documentation I don't see anything. I think it was possible with controllers and applying some rules.
Any suggestion to do with Central?
Thank you in advance.
Javier.
------------------------------
Javier Palomo
------------------------------