10-05-2018 01:04 AM
I have a question about a meaningfull interpretation to detect, notify and react on Rogue AP's within our environment. We make use of Airwave, and have set it up with a RAPIDS Classification Rule that matches a company SSID together with the Controller Classification of Suspected Neighbor (it didn't gave good results without this last option). It gives it a theat level of 10.
Next we set up a Trigger in combination with this Threat Level that informs us via Email about this Rogue Device Detected.
But, since email isn't continually monitored within the IT team, esepecially during off hours, we want to monitor it with SNMP (we are making use of PRTG) so we can make it visual and couple it to app alerting on our mobiles. Is there any way that we can monitor this via SNMP? Or do we have to rely solely on email notifications?
Solved! Go to Solution.
10-05-2018 08:23 AM
If you've added your external NMS to the AMP Setup -> NMS tab. Then the trigger option for alerting to NMS can be toggled to send a SNMP msg to the tool.
Then to test, delete a known rogue that has a recent 'last seen' time. When it gets rediscovered and reclassified - you can see the example message.
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company