Hi All,
Probably one for the security junkies here. Been a while since I saw a customer buy a WIP (RFP) license!
Consider RAPs, and in this case, a customer has an RFP license obviously.
My theory here is that I want RFP on the campus (configure that in detail later), but NOT on their RAPs. This is obviously because we want to avoid detecting rogues in user homes, ad-hocs in user homes etc. That's not really any of our business what they're doing! So as far as I can see, the best way to achieve this is by applying an unauthorized-device-profile into the ap-group, that has everything turned off, thus...
ids unauthorized-device-profile "detection-disabled"
   no detect-windows-bridge
   no classification
   no overlay-classification
   no oui-classification
   no prop-wm-classification
   no detect-sta-assoc-to-rogue
   no detect-unencrypted-valid-client
   no detect-adhoc-using-valid-ssid
   no detect-valid-client-misassociation
!
Anybody care to suggest a flaw in this plan or thinking? Assume the corporate laptop at home is locked down by AD.
Cheers!
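An added example, not part of the original post: a Python check that a saved running-config really attaches the RAP ap-group to a profile with all nine detections from the post turned off. The ap-group name `rap-home` and IDS profile name `rap-ids` are hypothetical, and the chain ap-group to ids-profile to unauthorized-device-profile is an assumption about how the profile is attached.

```python
# Added example: audit a saved running-config against the plan in the post.
# Hypothetical names (not from the post): ap-group "rap-home", ids profile "rap-ids".
# Assumes show running-config layout: unindented header, indented body, "!" closes.
REQUIRED_OFF = {  # the nine knobs the post turns off in "detection-disabled"
    "detect-windows-bridge", "classification", "overlay-classification",
    "oui-classification", "prop-wm-classification", "detect-sta-assoc-to-rogue",
    "detect-unencrypted-valid-client", "detect-adhoc-using-valid-ssid",
    "detect-valid-client-misassociation",
}

def parse_stanzas(config):
    """Split a config dump into {header: [body lines]} with quotes removed."""
    stanzas, header = {}, None
    for raw in config.splitlines():
        line = raw.strip().replace('"', "")
        if line == "!":
            header = None
        elif line and raw[0].isspace() and header is not None:
            stanzas[header].append(line)
        elif line:
            header = line
            stanzas[header] = []
    return stanzas

def _ref(lines, key):
    """Return the profile name on the first 'key <name>' line, or None."""
    return next((l.split(None, 1)[1] for l in lines if l.startswith(key + " ")), None)

def audit_rap_group(config, ap_group):
    """Return a list of findings; an empty list means the group matches the plan."""
    st = parse_stanzas(config)
    group = st.get(f"ap-group {ap_group}")
    if group is None:
        return [f"ap-group {ap_group} not found"]
    ids = _ref(group, "ids-profile")
    if ids is None:
        return [f"ap-group {ap_group} has no explicit ids-profile"]
    udp = _ref(st.get(f"ids profile {ids}", []), "unauthorized-device-profile")
    if udp is None:
        return [f"ids profile {ids} has no explicit unauthorized-device-profile"]
    body = st.get(f"ids unauthorized-device-profile {udp}", [])
    off = {l[3:] for l in body if l.startswith("no ")}
    return [f"{udp}: '{k}' is not explicitly disabled" for k in sorted(REQUIRED_OFF - off)]

# Constructed sample config, built from the knobs listed in the post.
SAMPLE = "\n".join(
    ['ids unauthorized-device-profile "detection-disabled"']
    + [f"   no {k}" for k in sorted(REQUIRED_OFF)]
    + ["!", 'ids profile "rap-ids"', '   unauthorized-device-profile "detection-disabled"',
       "!", 'ap-group "rap-home"', '   ids-profile "rap-ids"', "!"])
```

Running `audit_rap_group` against each config backup flags a RAP group that has drifted back to a profile with detection enabled.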