06-13-2019 01:02 PM
My boss asked about what we can do about a true rogue AP.
1. We can detect with the IDS rules; I have this working on our entire deployment.
2. In our lab I want to test that if our SSID is test-123 and someone sets "test-123" or similar, we can do a manual contain (for example, test-456 should alert).
3. I have my phone doing a fake "test-123" or "test-456".
AirWave detected it as a rogue, and I manually set it to "contain".
However, nothing happens; devices can connect to it with no issue.
I have the IDS settings set up on the IAP config via AirWave as well; I have tried Tarpit invalid and all,
but still nothing. I'm not sure if I'm missing a step or if this is a controller-only thing.
As a side note, I have IAP in my house (no AirWave) and I cannot get them to block either.
We have a pen test coming and I would really like this to work.
06-13-2019 01:46 PM
We will work with you on this by creating a case. Basically, TAC needs to test this out in-house or work with IAP engineers to see if the containment is happening correctly from the IAPs. I have your email; I will create a case to work with you.