Network Management

Hi airheads.

 

I´m trying to override the AP classification on the controller using the Airwave´s RAPIDS Module.

My rules on the RAPIDs are working fine they are classifying very well, but  my controller is not changing the type of AP. 

My controller still saying they are suspectect rogue.

 

How can I correct this?

 

The communication between the controller and the Airwave its ok (ssh and enable). I test it sending a command directly from the Airwave.

I´m Attaching a screeshot form my list of rogues in the controller and the RAPIDS setup. 

 

Thanks in advance. 

Have you setup Airwave on the controller as a management server? "mgmt-server type amp ...."

What version of AOS are you running?

What happens when you manually classify a rogue from Airwave?

Is it actually classified a rogue on the controller? "show wms ap list"

Visit this kb for more: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Rogue-containment-from-Airwave-to-Aruba-controllers

1.- Yes I have configured the Airwave as management server. 

 

2.- AOS: 6.3.1.7 & Airwave: 7.7.10

 

3.- The change is only applied it the Airwave and change the classifying rule to "Manual classification override"

 

4.- No, they appears as interfeing.  

 

5.- I saw the  KB and all its ok. 

 

I´m attaching you 2 scrrenshoots related to the questions 3 & 4. 

Can you show me your RAPIDS rule that you setup?

Sure, Here you are. RAPIDS Classification Rule Rule name: Classification: Threat Level: Enabled: Yes No Device has been detected wirelessly: Yes No (remove condition) SSID: Matches Does Not Match Matches Regular Expression Enter a list of SSIDs, one per line. An asterisk (*) is a wildcard. Matching is case-insensitive, and ignores whitespace and non-alphanumeric characters. (remove condition)

EDIT:

You are classifying all SSID's as Rogues except for the ones in that list. Correct?

If all the proper settings are enabled as per the RAPIDS best practices guide and the kb article I sent you, the classification should be pushed down.I have followed similar practices and it works for me.

 

If that is not happening, a support case is the only way to get a deeper understanding of what is going on.

erickyruiz,

 

The controller and Airwave maintain separate classifications for Rogues, etc.  To make changes in Airwave propagate to the controller, you need to enable WMS Offload:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Rogue-containment-from-Airwave-to-Aruba-controllers  You can configure WMS Offload here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-881

I thought WMS Offload is not needed for Airwave rogue containment, at least that is what TAC has advised me.

pmonardo,

 

If you can find what they told you, that would be useful and we can discuss it.  To automatically have airwave sync its Rogue database with the controller we need to configure WMS offload.

 

EDIT:  I am wrong and pmonardo is right.

 

Here is how to configure Rogue Containment with Airwave without WMS Offload.  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Rogue-containment-from-Airwave-to-Aruba-controllers

 

 

 

WMS offload for me was when the controller is under heavy stress to offload its WMS database to Airwave.

Thanks Colin but attempting to find that case that I opened 2 years ago would have been very difficult.

 

If I contain manually (RAPIDS Classification Override) it works good I mean the conttroller gets the classification, but my intention is to automatically contain if something hits my policy. This is because I will have an audit and the auditor could use rouge APs. Once the audit starts I should not have intervention.