Controllerless Networks

Hi.

I configure Airwave and RAPIDS with IAP (iap-115 and iap-225).

I configure rapids to classify an specific AP with specific SSID like valid (using rpiads rules), so the WIPS don't containment this AP (valid) and containment only the rogue AP.

When I enable containment in the IAP (groups -> instant config-> ids -> proteciont). the IAP attacks my valid AP/SSID.

Somebody could help me on this?

Are there somthing else to configure in the Airwave/RAPIDS/IAP?

Thanks in advanced.

If you want to contain Rogue AP discovered by IAP using RAPIDS from Airwave, you need to enable containment option in RAPIDS > Setup page.

once we enable this option, you will see containment option in drop down list in Rapids>Rules page.

Create a containment rule, for example if you want to contain a rogue device broadcasting your valid SSID, create below rule

In SSID box, provide your valid SSID. once you add, this rule, Airwave will contain rouge AP which is broadcasting your valid SSID.

We could manually contain rogue aswell from Rouge RAPIDS>Details in Airwave.

Click on any rogue device in Airwave , it will take us to detial page, under this we have RAPIDS Classification Override: option, select containment option from drop down list and click apply.

Hi, Pavan.

I did exactly what you say and even so I can connect to 'not desire' SSID at tha Rogue AP.

IAP and Airwave can contained a specific rogue AP?

I classify AP manually to contained rogue but I can connect on it.

Did containment pushed to rogue AP ? If you are manually pushing the containment in RAPIDS>Detail page of rogue you will see the status down the page whether AP is contained or not?

Did you enabled settings in RAPIDS>Setup page, before containing the rogue manually?

when you logged in to IAPs does that AP showing as rogue or contained?

Regards,

Pavan

I made a manually containment, after by rules not working.

Yes, I enable containment in the Rapids>Setup

When I log in the IAP and choose IDS I see the AP as 'disable-rogue'

in rapids>detail page screen shot i could see controller already classifed that particular rogue device as contained and in IAP,  status is showing as disabled.

Have you enabeld IDS>proticetion setting in Airwave? If yes, I beileve those setting got pushed to IAP, based on this setting IAP containing the rogue AP.

If you want to contain through Airwave set those settings to low and try manual contain the rogue.

Based on output it looks rogue is already disabled and we should not able to connect to the SSID. Can you try with a different rogue devices and check the status.

Hi, Pavan.

After change IDS protection to low, the configuration of the AP shows as mismatched (pictures attached). How can I fix this?

what exact mismatch it is showing, can you click on mismatch , it will take you to the page where it shows the mismatch configuation.

We dont need to worry much regarding mismatch, did you click apply after making changes?

Have you tried testing the containment with different rogue AP?

it looks you havent click apply button after making changes in IDS. Try click apply to push configuration to IAP,

Instead of setting to low,set to off , click apply. once configuraton get pushed test containment with Airwave RAPIDS.

As I mentioned in my preivous post, IAP classifed the device as contained (based on IDS setting) and also you manually contained rogue from Airwave. It looks rogue is already contained, if you still connecting to the device, try test with different one.

Hi, Pavan.

I did everything again (new AMP, reset iap etc)

I create a new rule with classification Contained Rogue.

The AMP show me information conrrectly ( I think), but in the IAP, the IDS windows show me the contained rogue as 'Disable Rogue/Rogue'.

Is there something else or any troubleshooting that I miss or help?

Best regards,

Could you please open TAC tikcet to debug the issue.

Hi, Pava.

After I enabled 'Wireless containment:' in the VC>IDS>Protection, it works like I wish.

Thanks for help.

Good! I thought you have already enabled those setting in IDS section.

Regards,

Pavan