How can i to block deauth attack from a Kali running computer not connected to my network? I can detect the attack with the IDS signature but i can't block it. I attach an image from the security dashboard. Thanks in advance.
What version of ArubaOS is this?
Aruba OS 22.214.171.124.
You can enable "DOS Protection" on your Virtual AP http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/show_wlan_virtual_ap.htm
Thanks but is already enabled and it doesn't work.
When you say "does not work" what do you mean? What is happening and what do you want to prevent? DOS protection can only protect a deauth attack on an access point, not a client. Only MFP (802.11w) or management frame protection can specifically protect clients from such an attack. Of course, the client has to support 802.11w and you need to run ArubaOS 6.4 for a complete solution: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/SSID_Profiles.htm?Highlight=802.11w
Sorry to revive an old post, but this same question has recently come up with a customer I'm working with.
In the 802.11w (MFP) link, it states that MFP is not supported on VAPs that are using Tunnel forarding model. Why doesn't it work with Tunneled mode and just to clarify, that means its only supported while using Bridged mode?
"me too". Even in AoS 8.4 it won't allow MFP to be enabled, much to the chagrin of the customer. Why? Workaround?
What encryption and forwarding mode are you using? What client are you also using?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.