Wireless Access

Valued Contributor I


Hi All,


Probably one for the security junkies here. Been a while since I saw a customer buy a WIP(RFP) license!


Consider RAPs, and in this case, a customer has an RFP license obviously.


My theory here is that I want RFP on the campus (configure that in detail later), but NOT on their RAPs. This is obviously because we want to avoid detecting rogues in user homes, ad-hocs in user homes etc. That's not really any of our business what they're doing! So as far as I can see, the best way to achieve this is by applying an unauthorized-device-profile into the ap-group, that has everything turned off, thus...


ids unauthorized-device-profile "detection-disabled"
   no detect-windows-bridge
   no classification
   no overlay-classification
   no oui-classification
   no prop-wm-classification
   no detect-sta-assoc-to-rogue
   no detect-unencrypted-valid-client
   no detect-adhoc-using-valid-ssid
   no detect-valid-client-misassociation


Anybody care to suggest a flaw in this plan or thinking? Assume the corporate laptop at home is locked down by AD.




Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba Employee

Re: RAPs vs RFP

That would certainly work.

We would still detect Wi-Fi networks as Interfering (except the Ad-Hoc of course).


Good solution.






Re: RAPs vs RFP

Have you got Airwave? If so, you can ignore Rogues from remote-aps.


By disabling that profie, wouldn't it affect the ability to discover those IDS events at the campus level?

Unless you have a specific AP group for Campus and 1 for RAPS at which point you can configure a IDS profile for the campus and do what you suggested for the RAP AP Group





Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
Search Airheads
Showing results for 
Search instead for 
Did you mean: