Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Ignore Specific SNMP Traps/IDS Notifications

This thread has been viewed 6 times

  • 1.  Ignore Specific SNMP Traps/IDS Notifications

    Posted May 24, 2013 09:34 AM

    I'm not really sure if this belongs in the Airwave section or the Controllers section, so I'll try here first because Airwave is where I'm seeing the messages.

     

    I'm getting SNMP/IDS Messages for specific traps I'd like to disable.  Specifically, notifications of Clients associating to Rogue APs.  While in some areas this is very useful, for my environment it just causes headaches.  We're a university that is surrounded by a lot of Apartment buildings to one side of our campus, and I'd like to disable this to clear out my Airwave RAPIDS logs.  Can someone direct me to where this is listed so I can disable these messages, and possibly other messages of this nature.  I can't seem to find this.  Thanks in advance.



  • 2.  RE: Ignore Specific SNMP Traps/IDS Notifications

    Posted May 24, 2013 09:47 AM

    I apologize, I guess I haven't had enough coffee this morning, but I finally found it.  For those that also want to do this, its located on the Controller.  I had to access Configuration -> All Profiles.  Then look at the IDS -> IDS Unauthorized Device Profile and remove the checkbox for Detect Station Association to Rogue AP.  I believe this will solve my problem.  I'm going to give it a while to propagate information.  

     

    Thanks to anyone who decided to read this.



  • 3.  RE: Ignore Specific SNMP Traps/IDS Notifications
    Best Answer

    EMPLOYEE
    Posted May 24, 2013 09:58 AM

    You have two choices:

     

    1 - Disable the Specific trap generation on the Aruba Controller, OR

    2 - Uncheck the IDS option on the controller

     

    To do #1, I looked at the document here:  http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=5719 to see what trap is being generated.  Based on your email it looks like the trap wlsxStaAssociatedToUnsecureAP.  I would then do this:

     

    ruba3600) (config) #snmp-server trap disable ?
<name>                  trap name. A list of valid names can be found using 
                        the command show snmp trap-list

(Aruba3600) (config) #snmp-server trap disable wlsxStaAssociatedToUnsecureAP

     You would have to do this on each individual controller.

     

    2.  You could then uncheck this parameter, in the IDS  Unauthorized Device profile of each AP-Group that you want to apply this to.  If every AP uses this profile, you would deal with your issue globally without having to disable traps for each controller:

     

    rogue.png

     

     



  • 4.  RE: Ignore Specific SNMP Traps/IDS Notifications

    Posted May 24, 2013 10:17 AM

    Thanks!  Disabling globally was easiest for me as I'm using the default profle.  Thanks for the additional information on the CLI.



  • 5.  RE: Ignore Specific SNMP Traps/IDS Notifications

    EMPLOYEE
    Posted May 24, 2013 01:10 PM

    To check the trap status on the controller:

    # en

    > show snmp trap-list

     

    To disable the SNMP traps you don't want to see:

    # conf t

    # snmp-server trap disable (trap_name)

    # snmp-server trap disable (trap_name_2)

    ctrl+z

    # write mem

     

    To enable a trap:

    # conf t

    # snmp-server trap enable (trap_name)

    # snmp-server trap enable (trap_name_2)

    ctrl+z

    # write mem

     

    *Note: when enabling/disabling traps, it's 1 trap per entry line, there's no easy way to perform this in bulk.  I usually write the list out in notepad (without #s) and then copy / paste into SSH/telnet command line.