Wireless Access


IDS Unauthorized Device profile

Hello again

I was wondering of any of you got a more detailed information of what does the toptions in this profile.

Yes i know they are on the manual but i will give you an example of why im asking this.


i got the IPS configured on a client.

Well i used the wizard and well i configured what i though it was okay as far i read on the manual 


The detect misconfigured ap value  when I got this on, and I got the captive portal well, the open ssid, this paramether doestn let the client to connect to it.. I had to disable it so the clients could connect to it… on the guide didn’t say anything about this

It just says:

A list of parameters can be configured that defines the characteristics of a valid AP. This feature is primarily

used when non-Aruba APs are used in the network since the Aruba controller cannot configure the thirdparty

APs. These parameters include WEP, WPA, OUI of valid MAC addresses, valid channels, and valid



This is not a 3rd party AP it’s the same Aruba AP… and still won’t let my user connect.


It would be awsome if this was a topic on the knoledge base  of how to configure correctly the IPS

Im just asking this becasue i really wanna know what im doing....






Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: IDS Unauthorized Device profile

This unauthorized device profile also applies to Aruba APs.  You need to ensure that you are allowing anything that your Aruba APs are doing, otherwise, your own clients will be stopped, as well.  The unauthorized device profile is one of the most powerful lockdown mechanisms, because it defines ONLY what you want to happen within your environment.  If someone misconfigures your WLAN out side of your specifications in the Unauthorized profile, for example, it will not let even your own clients connect.  You need to define anything that you are doing at the time.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: IDS Unauthorized Device profile

You mentioned the 'detect misconfigured AP' setting.  All that setting does is detect and alert on misconfigured APs.  No wireless containment will be enabled by any of the 'detect' options.  They do just what the name implies, detect problems.  You do not need to worry about impacting your network by enabling detection. 


That is very different than the 'Protect Misconfigure AP' setting.  The protection mechanisms will enable wired and/or wireless contianment depending on what containment methods you enabled.  The 'Protect' options may keep your users off of invalid networks, invalid users off of your network, all users off of rogue devices, etc.  Care should be excersized before enabling any protection policy.


The protect features works as outlined by Colin in the previous post.

Search Airheads
Showing results for 
Search instead for 
Did you mean: