Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

WIP - Config questions and tips needed.

Jump to Best Answer
  • 1.  WIP - Config questions and tips needed.

    Posted Jan 31, 2013 04:22 AM

    Hi Guys,

    :smileymad:

    Good morning,I just deployed a RFP for the first time at client site - and after doing some reading , I have a few questions:I will be more than glad if couple of you can send me some technical answers and configuration tips.

    • How the controller auto-define: Rouge | Neighbor | Suspect | Interfering | Valid ?
    • Can I force the controller to define any other network except the client Aruba network as Suspect or interfering and contain|block them?
    • If my client would like to Contain just nearby or in the building office itself (in order not to interrupt the other offices - What is the SNR that recommenced to achieve for example - 10 meters from each AP of Aruba.
    • How do i define to the controller not to block a speseifc SSID (that in the controller) or an OPEN ssid that isnt connected to the Controller itself?

    (ArubaOS 6.1.3.5 Running on-site)

     

    Thanks in Advance.

     

    Me.



  • 2.  RE: WIP - Config questions and tips needed.
    Best Answer

    Posted Jan 31, 2013 05:31 AM

    @kdisc98 wrote:

    Hi Guys,

    :smileymad:

    Good morning,I just deployed a RFP for the first time at client site - and after doing some reading , I have a few questions:I will be more than glad if couple of you can send me some technical answers and configuration tips.

    • How the controller auto-define: Rouge | Neighbor | Suspect | Interfering | Valid ?
    • Can I force the controller to define any other network except the client Aruba network as Suspect or interfering and contain|block them?
    • If my client would like to Contain just nearby or in the building office itself (in order not to interrupt the other offices - What is the SNR that recommenced to achieve for example - 10 meters from each AP of Aruba.
    • How do i define to the controller not to block a speseifc SSID (that in the controller) or an OPEN ssid that isnt connected to the Controller itself?

    (ArubaOS 6.1.3.5 Running on-site)

     

    Thanks in Advance.

     

    Me.




    The easiest way to configure that is to run the WIP Wizard.

     

     The Wizard will give you the options to influence how rogues are classified.  How the controller automatically classifies rogues is here:  https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Rogue-Classification-on-AOS-6-0

     

    You can configure something called a "Valid SSID" which means that the controller will allow devices to connect to that SSID.  You can then block traffic from connecting to anything but Valid SSIDs.

     

    The controller normally looks at client associations to contain devices, so even if you can see powerful access points from far away, if the controller cannot see the client associating to it, it will not do anything.  If it can see your users attempting to associate to it, and you have protection on, it can stop those users, however.

     

    You can define a specific SSID as a Valid SSID to keep it from being blocked.

     

    Again, IDS/IPS is a very involved topic and you need to (1) Read the entire chapter on IDS/IPS to fully understand it and (2) Test any scenario before putting it into production so that you do not create any performance issues.

     

     

     



  • 3.  RE: WIP - Config questions and tips needed.

    Posted Jan 31, 2013 06:21 AM

    Hi

    Thank u for that answer, but i have another question.

     

    i want to connect another AP that is not aruba to my network and prevent it from being automaticlly marked as rogue.

    how do i do that?

     

    Thanx in advanved/

     

     



  • 4.  RE: WIP - Config questions and tips needed.

    Posted Jan 31, 2013 06:32 AM

    You must mark it as a Valid AP



  • 5.  RE: WIP - Config questions and tips needed.

    Posted Jan 31, 2013 06:54 AM

    Thank



  • 6.  RE: WIP - Config questions and tips needed.

    Posted Jan 31, 2013 07:47 AM

    Hi again

     

    is there a way to make it valid automatically?

    i've tried to enter the AP's Mac And SSID to the valid table, but it is still marked as rugue and as contained.



  • 7.  RE: WIP - Config questions and tips needed.

    Posted Jan 31, 2013 07:49 AM

    If you see it in the Dashboard under security, change the designation to Valid there.

     

    You cannot make it Valid automatically.

     

     

    EDIT:  Click on the Reclassify button to make it Authorized.