Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

RFProtect and adhoc network

This thread has been viewed 4 times

  • 1.  RFProtect and adhoc network

    Posted Sep 10, 2011 11:29 AM
    Hi Guys,

    I try the adhoc detection and protection, but after i set the needed checkbox (AdHoc detection, AdHoc protection) my AMs dont block the adhoc connection...I have a test adhoc network (Windows XP, DHCP server on this XP, Intel Proset wifi client application which can start the adhoc network). After the needed configuration my second laptop can connect to the adhoc...

    Have someone any experience with the adhoc blocking?

    Thanx

    Tamas


  • 2.  RE: RFProtect and adhoc network

    EMPLOYEE
    Posted Sep 10, 2011 12:04 PM
      |   view attached

    Hi Guys,

    I try the adhoc detection and protection, but after i set the needed checkbox (AdHoc detection, AdHoc protection) my AMs dont block the adhoc connection...I have a test adhoc network (Windows XP, DHCP server on this XP, Intel Proset wifi client application which can start the adhoc network). After the needed configuration my second laptop can connect to the adhoc...

    Have someone any experience with the adhoc blocking?

    Thanx

    Tamas



    Containing Ad-Hoc networks using typical deauth method is not very effective because some client drivers ignore the deauths in ad-hoc mode and some even change channel to avoid it. You need to turn on Tarpitting to address this. Tarpitting clients requires the RFprotect license and ArubaOS 6.x and above. Please see the pic below to see where to configure this parameter



    To view events, type "show log wireless 50" to see containment events.


  • 3.  RE: RFProtect and adhoc network

    Posted Sep 11, 2011 05:32 AM
      |   view attached
    but not working, dont block the adhoc communications...

    480



    Containing Ad-Hoc networks using typical deauth method is not very effective because some client drivers ignore the deauths in ad-hoc mode and some even change channel to avoid it. You need to turn on Tarpitting to address this. Tarpitting clients requires the RFprotect license and ArubaOS 6.x and above. Please see the pic below to see where to configure this parameter



    To view events, type "show log wireless 50" to see containment events.



  • 4.  RE: RFProtect and adhoc network

    EMPLOYEE
    Posted Sep 11, 2011 09:14 AM
    You are editing the Probe Policy from All Profiles, so you are editing that policy from a list which could be in the wrong place. Is the AM in the AP-group with the Probe Policy? It must be for this to work. You should go to Configuration> Wireless> AP configuration. Edit the AP group that the AM is in and edit the IDS profile directly from there.


  • 5.  RE: RFProtect and adhoc network

    Posted Sep 12, 2011 11:23 AM
    Thanx,

    I user proba-policy :) and the IPS is active, for ex. the Rogue containment working, valid client protection is working, misconfigured AP protection is working - just the ad hoc protection not working :)




  • 6.  RE: RFProtect and adhoc network

    EMPLOYEE
    Posted Sep 12, 2011 11:33 AM
    When you type "show log wireless 50" do you see the controller doing tarpit to the Adhoc stations?