Network Management

Reply
Contributor I

Move Suspected Rogue to Rouge AP

Dear allfriends and expert,

 

Im researching WIPS/WIDS features with RFprotect license.

When i plug into an AP ( Aruba) to network and broadcast random SSID.

My controller dectect it AP is Suspected Rouge.

my understand IPS/IDS does not apply for Suspected rouge AP right ?

Thank you so much !

Re: Move Suspected Rogue to Rouge AP

It is dependant on your WIPS rules and what is configured in regards to . If the controller sees evidence of the Suspected Rogue AP on the wired side, it will classify it as Rogue and your containment rules (if any) will be actioned. You can also configure rules to contain suspected rogues based on their calculated confidence level.

 

Protect Suspect Rogue

 

If you need to manually contain an AP, you can do so via Manual Containment under Security -> Contain Manually

 

Take a look at this as it contains some really good information.

 

http://www.arubanetworks.com/assets/tg/TG_WIP.pdf

 

http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/New_WIP/Rogue_AP_Detection.htm


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: Move Suspected Rogue to Rouge AP


Lee Nguyen wrote:

Dear allfriends and expert,

 

Im researching WIPS/WIDS features with RFprotect license.

When i plug into an AP ( Aruba) to network and broadcast random SSID.

My controller dectect it AP is Suspected Rouge.

my understand IPS/IDS does not apply for Suspected rouge AP right ?

Thank you so much !


You can just enable "Suspected Rogue Containment" in the IDS Unauthorized Device Profile:

Screenshot 2017-03-18 at 05.20.29.png


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: