Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Airwave and Controller Rogue Detection

This thread has been viewed 10 times

  • 1.  Airwave and Controller Rogue Detection

    Posted Oct 13, 2015 09:42 AM

    Hi All

     

    I have a customer with a master local controller setup running AOS 6.4.2.4 on a pair of 7210's. We also have airwave configured and one of the main reasons for this was Rogue detection and alerting.

     

    Currently, the controller can see one rogue on the security tab on dashboard. Airwave is also showing a rogue, which is great. Except, they aren't the same device.

    Airwave says it learnt the rogue classification from a controller classification but the rogue Airwave knows about is not listed on the controller.

     

    Even more strangely, even though the dashboard on the controller still shows one rogue, if I do 'show wms ap list' on the CLI, there are no rogues listed.

     

    Airwave version is 8.0.6.3

     

    Any help much appreciated


    #7210


  • 2.  RE: Airwave and Controller Rogue Detection
    Best Answer

    EMPLOYEE
    Posted Oct 13, 2015 09:47 AM

    Please read the airwave rogue classification chapter here:  http://www.arubanetworks.com/techdocs/AirWave_8_0_Web_Help/UserGuide.htm#AWUserGuide/Chapter6_RAPIDS/Using_RAPIDS_and_Rogue_Classification.htm#07rapids_1654598663_27976

     

    Airwave has rules on top of what it learns from the controller about what to classify as a rogue, so you can expect more "rogues" from Airwave, just based on classification.  Rules can be relaxed or tightened based on what you consider a rogue.



  • 3.  RE: Airwave and Controller Rogue Detection

    Posted Oct 13, 2015 10:25 AM

    Yes, I've read that before and I think I am doing the right thing with my rules but why does a rogue get reported as 'controller classified' when I don't have that AP listed on the controller? And why doesn't the AP that is classified as rogue on the controller, and meets one of my rules on Airwave, not appear on Airwave?



  • 4.  RE: Airwave and Controller Rogue Detection

    EMPLOYEE
    Posted Oct 13, 2015 10:38 AM

    You should open a TAC case in parallel to make sure your rules are correct.  If the controller saw a Rogue AP, and the AP is removed, within 30 minutes it will no longer be on the controller.  Airwave will keep in historically much longer.

     

    The AP that is classified as rogue on the controller, see if it is even in Airwave, but misclassified by one of your rules.

     

     



  • 5.  RE: Airwave and Controller Rogue Detection

    EMPLOYEE
    Posted Feb 19, 2024 04:10 AM

    Updated location for the Airwave RAPIDS documentation.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message