Wireless Access

New Contributor

Deauth Containment

Hey everyone,


I have an issue with deauth containment not working on rogue APs. Well, I shouldn't say it's "not working". It seems to work off and on, but not nearly as well as it should.


Some network details:

Aruba 6000 chassis with two m3 controllers (one local, one master)

an extremely dense deployment of 350+ AP105s


I do have 'rogue AP aware' enabled in my ARM profile (see screenshot for complete ARM profile config), but mode aware is not enabled. We were advised against it by our sales engineer.


Am I missing anything configuration-wise?


I appreciate any insight/advice. :)

Guru Elite

Re: Deauth Containment

Do you have the IDS/IPS (RF Protect) license (only necessary for Tarpitting)


Do you have Deauth, or Tarpit in your IDS General Profile?


Lastly, do you have "Rogue Containment" in your IDS Unauthorized Device Profile?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Deauth Containment

I would recommend opening a TAC case.  Another thing to try is running the 'show ap monitor conainment-info' command from the CLI.  It is a lower level debugging command that will tell you how many containmnet packets have been sent.

New Contributor

Re: Deauth Containment

Yes, we do have the necessary RF Protect licensing.


Yes, wireless containment is is set to deauth-only.


Yes, rogue containment is enabled in the IDS Unauthorized Device profile.

Re: Deauth Containment


do you have on the area that the rogue ap is, do you got an air monitor covering that area?

Beacause if the asnwer is no then, it wont work, like it should, like you just said...


You need an air monitor so the death works...



Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: