Network Management

Good evening/day to all, depends where you are :)

 

We are managing this network, financial sector, where the users are corporate employees.

It has been determined that we do not want the corporate users associating to anything but the corporate network.

 

Now, in order to set this up properly, we created a WIPs policy on the controllers. Don't have the details as of right now (at home) but we also are using Airwave to manage the network.

 

We have some RAPIDS rules setup to automatically contain rogues based on certain rules, such as any open network within -70db would be contained, any encrypted network not broadcasting our corporate SSID is a neighbour.

 

I was just wondering if anyone has any advice on properly securing this network or if anyone has had similar setups and can share their experiences.

 

Thanks,

p

If you have the RFProtect license, you can do this within the controller.  Please do a search for "protect valid stations" in the ArubaOS 6.1 user guide:

 

We do have an RFProtect license but we would like to use Airwave in order to control IPS.

 

I understand that it is the controller that does all of the work and protect valid stations is within our WIPs policy.

So, as far as I understand it by having "protect valid stations" enabled, the controller will automatically protect all clients meaning it will not allow them to associate to any other AP, regardless.?

 

 

 

---

@pmonardo wrote:

We do have an RFProtect license but we would like to use Airwave in order to control IPS.

 

I understand that it is the controller that does all of the work and protect valid stations is within our WIPs policy.

So, as far as I understand it by having "protect valid stations" enabled, the controller will automatically protect all clients meaning it will not allow them to associate to any other AP, regardless.?

 

 

 

---

Valid Stations are stations that have connected to the Aruba controller using some sort of encryption.  The controller keeps track of all the mac addresses of these devices.   Protect Valid Stations does not allow any of those devices to connect to any APs outside of your Aruba WLAN.  That behavior is only when those clients are within earshot of your company's access points.

 

 

thx

Hi all,

 

If we find a "rogue station/client" in Airwave, and we want to set it as "valid" (due to some special requirement)... is it better to "define" the "rogue station/client" as "valid" in Airwave or controller? _____

 

Thus, for Airwave, we go to "RAPIDS > List > Detail Page", under "WMS Classification Override" to classify it as Valid? .... Or....

Should we go to the controller to "valid" the client? 

If Airwave is configured on the controller (Airwave wizard), it you classify in Airwave it should push down to the controller.
Once you classify as valid, log into the controller and type "show audit-trail" and see if Airwave is logging in and marking the user as valid.

Thanks for the tip!

 

Can we go to "RAPIDS > List > Detail Page", under "WMS Classification Override" to classify the target "rogue client" as Valid? ___

 

Is there another/alternative place in Airwave to classify the "rogue device"? ____