Community Feedback

last person joined: yesterday 

How is the community doing? Do you have any questions or feedback related for the Airheads Community team? This is the place to let us know.
Back to discussions
Expand all | Collapse all

Day in the life of an Aruba SE - when a demo goes wrong (but some good comes of it)

This thread has been viewed 0 times

  • 1.  Day in the life of an Aruba SE - when a demo goes wrong (but some good comes of it)

    Posted Dec 07, 2012 12:40 PM

    Imagine the situation. You're in a customer meeting updating them on the latest and greatest from Aruba. With nothing more than a RAP3 and an internet connection you have the power of the full Aruba Clearpass suite ready and poised for demo.

     

    I connect the RAP3 to the customer's wired internet line, we wait a few minutes, for it to connect and bring up the VPN to our remote demo, it's not looking good. A PIX firewall is suspected and there isn't time to fix it right away.

     

    Not to worry, there's a good guest wireless service being offered from the existing Aruba wireless system. I know that NATT is allowed out as my VIA client is working across it, so I'll connect to that then bridge this through my laptop's wired port to the RAP3. All is looking good, until I get disconnected from the guest wifi?????

     

    OK, I am not going to be defeated, and am determined to show something to the customer. They have a number of smaller branch offices that would be well served with Instant. A quick prod with a paperclip and the RAP3 is reset to Instant mode, another reboot and we'll be in business. I see the Instant SSID and connect from my iPad, open the Instant GUI, and it is terribly slow/unresponsive. Today is not my lucky day!

     

    What actually happened here?

     

    The customer has an excellently deployed and configured Aruba controller based wireless system. Although much of it is based on legacy controllers and APs, it immediately:

     

    Detected an attempt to bridge wireless to wired on the guest network and blocked this

     

    Detected a rogue AP connected to the wired infrastructure (the RAP3 in Instant mode) and blocked my iPad client from sending traffic to it.

     

    Reviewing the logs on the controller we were able to see all of this and identify the rogue client as an iPad on SSID Instant.

     

    An excellent and unintended demo of the comprehensive security features available on Aruba equipment, which although configured, the customer had never seen in action.

     

    Suffice to say,  I'll be back to this customer forearmed and ready to demo again.

     

    Hope you enjoyed this story

     

    regards

     

    Neil



  • 2.  RE: Day in the life of an Aruba SE - when a demo goes wrong (but some good comes of it)

    Posted Dec 07, 2012 05:50 PM

    Thanks for sharing Neil! Great story!  tu



  • 3.  RE: Day in the life of an Aruba SE - when a demo goes wrong (but some good comes of it)

    Posted Dec 08, 2012 10:35 PM

    Well this reminds me of last week

    I was on a custumer doing some configs for his Controller

     

    Now what happens?

    I wasnt able to connect with the VIA and i was like yeah i fortgot putting the sslfallback... i turn it on and i yet cannot connect. via connecting our firewall and ssh the controller from it... the 443 port is open and reachable  as i did telnet the ip address of the wireless controller port 443

    I also tried telnet to port 4500 whcih was defenitelly blocked..

     

    So i was like well... it must be something im missing... since i was doing something else i was not paying too much attention to it

    After that i go home and guess what i block IPSEC connection to test the fallback and it works perferctly... and i dont have a chance to go to the custumer just to test that again so now i dotn nkow what happened there :(

     

     



  • 4.  RE: Day in the life of an Aruba SE - when a demo goes wrong (but some good comes of it)

    Posted Dec 31, 2012 06:01 AM

    :) :( Nice Story