I want to exclude a mac address from triggering blacklisting for IDS reasons (such as ping-flood). Is there a way to do this?
For example I have a network testing tool that does discovery via ping, ARP, etc... and it is being blacklisted by IDS. I dont want to change my IDS settings (I want my normal users being checked). I just want to allow the mac of my testing tool.
I've run into a similar issue and had to disable blacklisting on our WLAN to stop blocking a valid device. The one thing you can do for a testing tool is stand up a testing SSID that is disabled except when in use (can even make it hidden) and disable blacklisting on there - that way the only device connecting is the tester. For us it was a production asset on a production network, unfortunately I didn't have the option.
From what I could research, there is no way to add an exception to the black listing. This is a shame, and I'll submit it as a feature request (if it isnt already)
I'm not going to disable the IDS module on my production WLAN (of 6000+ devices) just to allow one through - that seems ridiculous. I'll keep playing with my tool to see if I can tune down the ARP and PING frequency, or might have to tune the threshold up a little in the IDS settings. Would still be nice to be able to add a black-list exception, doesn't seem like it would be that hard to code into AOS.
Thanks for your insight and reply though.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.