Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Auto Join Feature security issue ?

  • 1.  Auto Join Feature security issue ?

    Posted Mar 27, 2020 09:30 AM

    Hi

    I have a small IAP deployment running to do some tests.

    All APs/IAPs/VCs are on the same L2.

    The default behavior is that as soon as a VC is discovered via L2 by the other IAPs, they join the VC and get the config and software.

    My understanding was that this behavior can be disabled by disabling "Auto Join".

    But if I disable this feature nothing changes.

    APs always join the VC regardless of whether it is a brand new IAP out of the box or a factory-reset IAP. What could be wrong?

    I use Airwave 8.2.10 and 6.5 on the IAPs.

    My concerns are security related, because in this scenario everybody could connect an Aruba AP to the L2 and get access to the net via WiFi. I guess it would be better to confirm new IAPs to the VC, as intended by a "disabled Auto Join" feature.

    Regards Markus



  • 2.  RE: Auto Join Feature security issue ?

    MVP GURU
    Posted Mar 27, 2020 10:52 AM

    If Auto Join is disabled, you should have to manually add any new APs. Is it possible for you to check all of the IAPs in the current cluster and verify that the feature is off, and no other IAP thinks it's the VC?



  • 3.  RE: Auto Join Feature security issue ?

    Posted Mar 30, 2020 01:50 AM

    Hi

    There are only two IAPs in this L2 network.

    One VC and the other one that should be added manually, but that's not the case.

    Any IAP that I add to the L2 network gets the config from the VC automatically.

    Regards Markus



  • 4.  RE: Auto Join Feature security issue ?

    MVP GURU
    Posted Mar 30, 2020 08:23 AM

    Can you share the configuration from a "show run" ?



  • 5.  RE: Auto Join Feature security issue ?
    Best Answer

    Posted Mar 30, 2020 09:35 AM

    Hi

    Guess I found the problem.

    As soon as the new AP was discovered by the VC, it added the new AP to the allowed-AP list.

    You can delete the AP in Airwave in any menu you want, but it would not delete it from the running config on the VC.

    So you have to delete them manually by breaking the Airwave connection to the VC and then deleting the allowed-AP entry in the VC running config via SSH.

    I would say that's a bug!

    But now the AP would not show up anywhere.

    Regards Markus
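
Added example, not part of the original thread and not Aruba code: one way to audit a saved "show run" from the VC for allowed-AP entries that are not in your approved inventory, which is the leftover state the last post describes. The line formats `allowed-ap <MAC>` and `allow-new-aps` are assumptions about the Instant running config, and the sample config and MAC addresses are constructed.

```python
import re

# Assumed line formats in the Instant running config: one "allowed-ap <MAC>"
# per permitted AP, and "allow-new-aps" present when auto join is enabled.
ALLOWED_AP = re.compile(r"^\s*allowed-ap\s+(\S+)\s*$", re.IGNORECASE)
AUTO_JOIN = re.compile(r"^\s*(no\s+)?allow-new-aps\s*$", re.IGNORECASE)


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def audit_running_config(config_text, approved_macs):
    """Compare allowed-ap entries in a running config with an approved inventory."""
    approved = {normalize_mac(m) for m in approved_macs}
    allowed, auto_join = set(), False
    for line in config_text.splitlines():
        m = ALLOWED_AP.match(line)
        if m:
            allowed.add(normalize_mac(m.group(1)))
            continue
        m = AUTO_JOIN.match(line)
        if m:
            # "no allow-new-aps" (if present) means auto join is off.
            auto_join = m.group(1) is None
    return {
        "auto_join_enabled": auto_join,
        "unapproved": sorted(allowed - approved),  # in config, not in inventory
        "missing": sorted(approved - allowed),     # in inventory, not in config
    }


# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """\
version 6.5.0.0
allowed-ap 00:11:22:33:44:55
allowed-ap 00:11:22:aa:bb:cc
"""

if __name__ == "__main__":
    print(audit_running_config(SAMPLE_CONFIG, ["00-11-22-33-44-55"]))
```

Run it against the config pulled from the VC itself rather than the Airwave view, since the thread reports the two can disagree.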