Super Contributor II

Re: Who is using Airwave with Aruba 3.3.2.x

Just installed AWMS 6.2 a week ago to watch a dozen controllers running ver. 3.3.2.5 and 200+ APs.
Features I like:

  • If you allow AWMS to scan your switch or router MAC/ARP table, it will detect and e-mail rogue APs down to the switch port
  • When the Helpdesk gets a call from a user about a poor connection, they can run the diagnostics for that user
  • Centralize for MMS. Aruba controller does not show all users at the master controller.

Need to improve:

  • Visual RF is nice but not very good at locating a wireless device
  • Notification of AP down is too sensitive. I opened a case with support; they suggested changing group-basic-“Missed SNMP Poll Threshold (1-100)” to 3 (the default was 1), but it did not help much.
  • IDS Events: no trap
  • “RADIUS Authentication Issues” works with Windows 2008 RADIUS, but shows no traps with Windows 2003 IAS.

_____________________________________________________________
Trinh Nguyen
Computer Engineer
~Trinh Nguyen~
Boys Town
Aruba Employee

Re: Who is using Airwave with Aruba 3.3.2.x

Hi Trinh - Most of us are suffering with the lack of IDS traps. I even just upgraded to 6.3.0 and still nothing.
Regular Contributor I

IDS traps

Trinh & Mike:

Do you have WMS offload enabled?

The team here is looking into why you aren't seeing IDS traps showing up in AWMS. We'll post something here as soon as we can.

Jason
Aruba Employee

Re: Who is using Airwave with Aruba 3.3.2.x

Hi Jason - No WMS offload. I lose all visibility into IDS/IPS and the ability to disable/deactivate clients and APs if I offload.
Moderator

Debugging IDS traps in AirWave

Mike:

I am sorry that you are running into issues with the IDS traps on AWMS. I have included below the supported/unsupported IDS traps and also some troubleshooting information.

The IDS signature traps we support on AWMS are listed below. Are you seeing those traps being generated on the controller? The rogue or unauthorized AP traps from Aruba controllers (listed below) are not supported currently. All the rogues displayed on the AMP and discovered by Aruba controllers are fetched via SNMP polling.

IDS Signature traps supported:

– wlsxSignatureMatchAP
– wlsxSignatureMatchSta
– wlsxSignAPNetstumbler
– wlsxSignStaNetstumbler
– wlsxSignAPAsleap
– wlsxSignStaAsleap
– wlsxSignAPAirjack
– wlsxSignStaAirjack
– wlsxSignAPNullProbeResp
– wlsxSignStaNullProbeResp
– wlsxSignAPDeauthBcast
– wlsxSignStaDeauthBcast


IDS traps not supported:

– wlsxInterferingApDetected
– wlsxSuspectUnsecureAPDetected
– wlsxUnsecureAPDetected


Debugging IDS traps:

You can enable debugging of IDS traps by typing "qlog enable snmp_traps" after logging via ssh to the AirWave server. Once you have enabled this command you should start seeing traps received by AWMS in "/var/log/amp_diag/snmp_traps". Can you send us the log file after you see the IDS traps generated on the controller? This log file will also help us understand if you are receiving any traps from the controller. What are the commands being used on the controller to verify that you are seeing the traps?


The AirWave and Aruba Best Practices Guide includes some information on configuring AWMS as the trap receiver host. I am including a quick summary here. The 6.3 version of the document will be available next week and I can send you a copy.

- The community string and SNMP trap host community string must be the same for traps to trigger correctly on the controller.
- Aruba controllers have many virtual and physical interfaces. You must ensure the source IP of the traps matches the IP that AWMS utilizes to manage the controller.
- Verify the traps enabled on the controller by typing "show snmp trap-list".


Please let me know if something is unclear.

Thanks

Sujatha
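
A triage sketch for the checks described in the post above, added here as an example and not AirWave or Aruba code: it compares trap names seen on the controller with trap names logged by AWMS, using the supported and unsupported lists from the post. It assumes only that trap names appear as plain text in whatever is pasted in; the sample lines and the name wlsxExampleUnlistedTrap are constructed and do not reflect the real output format of either system.

```python
import re
from collections import Counter

# Trap names copied from the two lists in the post above.
SUPPORTED = {
    "wlsxSignatureMatchAP", "wlsxSignatureMatchSta",
    "wlsxSignAPNetstumbler", "wlsxSignStaNetstumbler",
    "wlsxSignAPAsleap", "wlsxSignStaAsleap",
    "wlsxSignAPAirjack", "wlsxSignStaAirjack",
    "wlsxSignAPNullProbeResp", "wlsxSignStaNullProbeResp",
    "wlsxSignAPDeauthBcast", "wlsxSignStaDeauthBcast",
}
UNSUPPORTED = {"wlsxInterferingApDetected", "wlsxSuspectUnsecureAPDetected",
               "wlsxUnsecureAPDetected"}
TRAP_NAME = re.compile(r"\bwlsx[A-Za-z0-9]+\b")

def trap_counts(text):
    """Count every wlsx* trap name that appears anywhere in the text."""
    return Counter(TRAP_NAME.findall(text))

def triage(controller_text, awms_log_text):
    """Bucket each trap seen on the controller by what AWMS did with it."""
    sent, received = trap_counts(controller_text), trap_counts(awms_log_text)
    report = {"not_delivered": [], "delivered_supported": [],
              "listed_unsupported": [], "not_in_either_list": []}
    for name in sorted(sent):
        if name in UNSUPPORTED:
            report["listed_unsupported"].append(name)
        elif name not in SUPPORTED:
            report["not_in_either_list"].append(name)
        elif received[name] == 0:
            # Supported but never logged by AWMS: a delivery problem, so
            # check the trap host community string and the trap source IP.
            report["not_delivered"].append(name)
        else:
            report["delivered_supported"].append(name)
    return report

# Constructed sample text (hypothetical layout, not real device output).
CONTROLLER_SAMPLE = """10:01:12 wlsxSignatureMatchSta
10:01:40 wlsxSignStaDeauthBcast
10:02:05 wlsxUnsecureAPDetected
10:02:31 wlsxExampleUnlistedTrap
"""
AWMS_SAMPLE = "10:01:41 trap received wlsxSignStaDeauthBcast\n"

if __name__ == "__main__":
    for bucket, names in triage(CONTROLLER_SAMPLE, AWMS_SAMPLE).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Traps in the not_delivered bucket point at the community string or source IP checks from the summary above; the other non-delivered buckets are traps AWMS is not documented in this thread as handling.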
Aruba Employee

Re: Who is using Airwave with Aruba 3.3.2.x

That's most of the problem with Airwave, you don't support squat as far as Aruba traps are concerned. You make it seem like there are only three that you don't support, do a "show snmp trap-list" on a controller and count all the IDS related traps that Airwave doesn't support, it's a LOT more than three.

I mean seriously, get with it Airwave. How hard is it to support a trap? Especially those sent by Aruba, the company that owns you guys. Traps aren't the only thing that need some serious improvement here with relation to Aruba.
Regular Contributor I

Re: Who is using Airwave with Aruba 3.3.2.x

Thanks for the feedback, Mike. I can't say exactly what we will be doing in future releases, but we have heard from several other customers that they would like to see AWMS do more with traps. We've been working hard on improving the integration with Aruba controllers--our 6.3 release (which is available now) includes AOS configuration support through the UI (instead of text templates).

In addition to posting messages on this forum, there are several other ways to help the product management team at AirWave prioritize features for future releases.

We've just turned on a new feature at http://feedback.airwave.com/ where you can suggest new features and vote on the features suggested by other users.

Everyone is also welcome to email features@airwave.com, which will reach many people within the company. We'll follow up with you to learn more about your requirements, and we'll do what we can to incorporate that input into the product.

You can also contact me directly any time. If you don't reach me at the number in my signature, my cell phone number is 917-319-4451. For customers who have an NDA in place with Aruba, we can discuss the AWMS roadmap in detail on the phone or in person.
Super Contributor II

Re: Who is using Airwave with Aruba 3.3.2.x

Just upgraded my AWMS to 6.3, no sweat. Still reading the manual for AWMS 6.3. An engineer from AW has already contacted me and is working with me on my IDS issues. I’ll let you know what the outcome is.
______________________________________________________
Trinh Nguyen
~Trinh Nguyen~
Boys Town
Super Contributor II

Re: Who is using Airwave with Aruba 3.3.2.x

Sujatha,

Please forward me a copy of “The AirWave and Aruba Best Practices Guide” for 6.3 as well. I upgraded my AWMS to 6.3 and all my configurations were based on “The AirWave and Aruba Best Practices Guide” for 6.2.

I did the debugging of IDS traps with "qlog enable snmp_traps" and the file “/var/log/amp_diag/snmp_traps” was still showing no traps.

The command I used on the controller for showing the traps: “show snmp trap-queue”
The trap I am most interested in is NwlsxNUserAuthenticationFailed, and according to Support, AWMS utilizes this trap. From the controller: “show snmp trap-list | include Authentication” shows this trap is enabled.

Thank you,
nguyent@boystown.org.
~Trinh Nguyen~
Boys Town
Super Contributor II

Generate IDS Traps

The following is a suggestion from an AirWave Support Engineer for quickly generating IDS traps. It probably works for AOS 3.4. I am using AOS 3.3.2, and had no “ids signature-profile” command.
Please post a follow-up if it works for you. I am in the process of upgrading my controllers to 3.4.

To test the IDS traps:
Create a signature profile that triggers when a specific MAC connects to an AP. Below are the commands to create such a profile (this assumes that your AP Groups are using the signature matching profile called "default") for my laptop:

(Aruba-Controller) (config) #ids signature-profile "My Laptop"
(Aruba-Controller) (IDS Signature Profile "My Laptop") #frame-type assoc
(Aruba-Controller) (IDS Signature Profile "My Laptop") #src-mac 00:1F:3B:32:63:7E
(Aruba-Controller) (IDS Signature Profile "My Laptop") #!
(Aruba-Controller) (config) #ids signature-matching-profile "default"
(Aruba-Controller) (IDS Signature Matching Profile "default") #signature "My Laptop"
(Aruba-Controller) (IDS Signature Matching Profile "default") #!

After that, just associate to an AP and a trap should show up very quickly.
~Trinh Nguyen~
Boys Town