Wireless Access

Hello,

I have configured my wireless containment to be tarpit-all-sta.
When I look in the security dashboard I see both "AP Deauth Containment" and "Tarpit Containment" occuring.

Is that expected to happen?

Thanks,

Matt

- Where do you have tarpit configured?

- How are you triggering the tarpit?

- Where are you seeing the deauth notification?

Hello,
I have it configured and triggered like this:

ids general-profile

wireless-containment tarpit-all-sta
wired-containment
wired-containment-ap-adj-mac


ids unauthorized-device profile

detect-adhoc-network
detect-wireless-bridge
rogue-containment
suspect-rogue-conf-level 100
no detect-sta-assoc-to-rogue
detect-misconfigured-ap
detect-valid-ssid-misuse
protect-ssid

no detect-unencrypted-valid-client
cfg-valid-11g-channel 1
cfg-valid-11g-channel 6
cfg-valid-11g-channel 11
cfg-valid-11a-channel 36
cfg-valid-11a-channel 40
cfg-valid-11a-channel 44
cfg-valid-11a-channel 48
cfg-valid-11a-channel 52
cfg-valid-11a-channel 56
cfg-valid-11a-channel 60
cfg-valid-11a-channel 64
cfg-valid-11a-channel 100
cfg-valid-11a-channel 104
cfg-valid-11a-channel 108
cfg-valid-11a-channel 112
cfg-valid-11a-channel 116
cfg-valid-11a-channel 120
cfg-valid-11a-channel 124
cfg-valid-11a-channel 128
cfg-valid-11a-channel 132
cfg-valid-11a-channel 136
cfg-valid-11a-channel 140
cfg-valid-11a-channel 149
cfg-valid-11a-channel 153
cfg-valid-11a-channel 157
cfg-valid-11a-channel 161
cfg-valid-11a-channel 165
valid-and-protected-ssid "eduroam"
valid-and-protected-ssid "uw-guest"
valid-and-protected-ssid "uw-nsd2"
valid-and-protected-ssid "uw-unsecured"
detect-ht-greenfield
no detect-valid-client-misassociation

Which are both used by my AP groups and air monitor groups.

I see it reported in the aruba security dashboard:
Tarpit Containment
AP Deauth Containment
AP Tagged Wired Containment
AP Wired Containment