Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?

  • 1.  Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?

    Posted Jul 30, 2014 09:02 AM

    I have a controller with a WIP licence and I'd like to de-auth clients connected to rogue APs (not managed by the Aruba controller). Is it possible?

    Thanks, Gian



  • 2.  RE: Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?

    Posted Jul 30, 2014 06:09 PM
    Can't this be accomplished by enabling tarpitting?


  • 3.  RE: Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?



  • 4.  RE: Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?

    Posted Aug 01, 2014 10:46 AM

    Thanks for your suggestions.

    I did some tests in our lab.

    If the AP is in AP mode, both deauth-only and tarpit wireless containment are almost ineffective; the client loses 1 ping randomly, and all other connections work fine.

    Instead, if I set the AP in Air Monitor mode, the DoS against the rogue works very well and the client cannot send any traffic at all.

    Is this the expected behavior?

    Can't the AP perform better in AP mode?

    Thanks in advance.

    Gian



  • 5.  RE: Hi, does anyone know how I can de-auth clients connected to APs classified as rogue?

    EMPLOYEE
    Posted Aug 01, 2014 12:47 PM

    gianti81,

    An AP's primary duty is to service clients. If it has to go off channel to remove a rogue client or AP, actual AP client throughput will suffer. Your alternative is to deploy an actual air monitor for every 4 APs that serve data to contain those rogue APs. You can alternatively enable "ARM Rogue AP Aware":

    http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/ARM/ARM_Profiles.htm

    If you have enabled both the Scanning and Rogue AP options, Aruba APs may change channels to contain off-channel rogue APs with active clients. This security feature allows APs to change channels even if the Client Aware setting is disabled.

    This setting is disabled by default, and should only be enabled in high-security environments where security requirements are allowed to consume higher levels of network resources. You may prefer to receive Rogue AP alerts via SNMP traps or syslog events.

    Default: disabled