What Does Protect SSID Setting Accomplish?

Aruba Employee
Aruba Employee

There is a setting in the IDS Unauthorized Device profile called ‘protect ssid.’  It can be configured as follows:

(MC-01) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(MC-01) (config) #ids unauthorized-device-profile default
(MC-01) (IDS Unauthorized Device Profile "default") #?
protect-ssid                      Enable/disable use of SSID by only valid Aps
valid-and-protected-ssid      Configure valid and protected SSID

(MC-01) (IDS Unauthorized Device Profile "default") #valid-and-protected-ssid ?
<ssid>                  SSID

(MC-01) (IDS Unauthorized Device Profile "default") #valid-and-protected-ssid test

(MC-01) (IDS Unauthorized Device Profile "default") #protect-ssid

Behavior When Protect SSID Setting is Enabled

If enabled, this tells the APs/Controller to not let any 3rd party AP (or interfering AP) to broadcast the SSID that is configured in the "valid-and-protected-ssid" of the IDS unauthorized device profile.  This means that an Aruba AP with SSID test (as configured above) will attempt to contain any non-valid AP that is advertising SSID test.

The AP does the containment by sending deauths to anything trying to associate to it (by spoofing the AP's bssid) and it should be sending deauths to the AP (by spoofing the wireless client mac address that was trying to associate to it).

Note:  This setting should be used very carefully as it prevents station associations.

Version history
Revision #:
1 of 1
Last update:
‎07-05-2014 04:22 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: