Wireless Access

We are trying to test our rogue containment with airwave and can't seem to block the SSID. We have a phone being used as a hotspot. Airwave detects it, and I go into Airwave and set it's classification as a contained rogue. I also go into the controller and set it as contain manually, and marked to contain 'yes' - we do not have offloading turned on. I have wireless containment set to 'tarpit-non-valid-sta'. What am I missing here?

Thanks,

Russell

Hi,

Did you configure the following in RAPIDS ?

1. manage rogue containment set to yes?

2. manage rogue ap containment in monitor only mode is also allowed ?

As a good practice, remove " contain manually " in the controller coz, Airwave will send the instruction to the Controller if it finds a rouge .

Please feel free for any further help on this.

both are set to yes.

How does the Controller treat a hotspot we mark to contain, if I manually contain it?

Note:  We only use Airwave for reporting.. so I don't think Airwave will help us here.

Does the Crontroller treat anything differently depending how it is labeled, if it is 'not' marked to contain?

I.E. rogue vs suspected rogue vs Interfering vs Neighbor vs Valid

If you mark to contain, the controller will actively send out deauths whenever a device tries to associate to it.

If it is just marked rogue, there are settings that say what the controller will do if it sees a rogue device.  It could just report it, or send out deauths.  Please see the guide here:  Aruba_WIP_Technology_Guide_v1.pdf ‏369 KB

The guide seems to approach it from the Airwave perspective.

Where do I see these settings on the confroller?

7240

That would be wired or wireless containment  in the IDS profile: http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ids_general_profile.htm?Highlight=containment

When containing a rogue, how are the sorrounding valid SSID/users treated?  Are they left untouched, or will the de-auth affect them as well?