Security, WIDS/WIPS and Aruba ECS

Guru Elite



You are using the IDS-HIGH setting for IDS which requires thoughtful planning to achieve the correct objective. You have also modified this profile. You should either change to IDS-low and start from there, or open a case so that it can be determined exactly what is going on. There are a number of enhancements that were put in place to protect the controller itself in 3.4.x, and those enhancements, configured incorrectly could cause some of the symptoms you describe. The quickest way to get to the bottom of it is to either switch IDS to low and consult the documentation about what parameters you need to turn on, or open a case with support.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Occasional Contributor II

Re: AM recognises controller as attacker?


I had the same problem as you discribe in your post with wired containment wich blocked the controller. I have also disabled this feature in IDS profile in the past. But I didn't use the high-setting profile but I create mine with this features :
- ids dos profile :
- ids impersonation :
- ids unauthorized
protect-ssid (with list of ssid that wee use)

We have 2 masters (active/standby) with several locals, all are in active mode with VRRP for redundancy. We also have AP and AM in the same subnet as controllers.

Do you find a solution for this problem? Did you test it with new firmware (
Another question, I have read in this forum that wired containment block traffic from rogue AP to its gateway. Can someone explain how it's work?

Thanks in advance.
Search Airheads
Showing results for 
Search instead for 
Did you mean: