I am trying to see where I can alert from the controller (through Airwave) if there is an SSID that is active with Key words. For instance, I would like to be able to have to alerts, one with an exact match (evil twin AP attack) and one alert with a keywork match (name on my company, etc.).
I do have RF protect licenses and I have been reading a few older threads on the topic and they talk about IDS settings, but I am not finding them on the controller or within Airwave. We are running 188.8.131.52 code. Any help would be appreciated.
AirWave doesn't have such an alert. It'd be a good request to make into the innovation portal. innovate.arubanetworks.com
Is there a special access needed to get to that link to add an innovation? I can't seem to register as I am not a partner...
Apparently so. Needs to be an employee or partner. You can file the request through your sales rep.
Agreed, I've fwded that feedback to the community manager.
We reciently purchased Aruba. Because we have Cisco we have a situreation where both system have to see each other until Cisco has been removed. Which is going very slow. The Aruba see the Cisco as rogues... .that is good. We are trying to do rogue detection for Evit Twin and mark the Cisco SSID as friendly. We do not want to tie the Cisco system into the Aruba system. So far Aruba has not been able to solve this problem. Little disappointed. Any idea. We have read all the documentation and reading blogs. Thank You !
For the next time, please start a new thread since the previous issue in this thread was marked resolved.
For Aruba/Cisco environment, do you also have AirWave? If so, AirWave's RAPIDS feature allows you to rule out the Cisco SSID range. Under RAPIDS -> Rules -> create rules to mark the Cisco SSID items, make sure the rule happens before the catch all rules. Rule processing for RAPIDS is top -> down.
Hi Rob, Thanks for the quick reply. I am on the cyber team. I just had an Wi-Fi Cyber by a outside security contractor complete. The Aruba recieved some findings. Pretty certain they can be resolved. The Aurba installion contractor has control of the system but our network team can make changes if approved. THe vender is unwilling to assist because they say that Rogue/Evit Twin detection is out of scope for the project. Sigh. Our network team did get on the phone with aruba and they created a custom rule that would look for evil twin and ignor the cisco APs. They mentioned that the Arub would always try to disable all the Cisco APs. After about a week, they could never get Aruba to handle Evil twin without disruption the Cisco system. It is very important we sort or a sould to have evil twin alerting and defense working. I know that there must be a solution. So really need help or find someone that has had this situation that we can talk to. Thank much !
I've pinged TAC, they'll try to reach out.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.