@kdisc98 wrote:
Hi Guys,
:smileymad:
Good morning,I just deployed a RFP for the first time at client site - and after doing some reading , I have a few questions:I will be more than glad if couple of you can send me some technical answers and configuration tips.
- How the controller auto-define: Rouge | Neighbor | Suspect | Interfering | Valid ?
- Can I force the controller to define any other network except the client Aruba network as Suspect or interfering and contain|block them?
- If my client would like to Contain just nearby or in the building office itself (in order not to interrupt the other offices - What is the SNR that recommenced to achieve for example - 10 meters from each AP of Aruba.
- How do i define to the controller not to block a speseifc SSID (that in the controller) or an OPEN ssid that isnt connected to the Controller itself?
(ArubaOS 6.1.3.5 Running on-site)
Thanks in Advance.
Me.
The easiest way to configure that is to run the WIP Wizard.
The Wizard will give you the options to influence how rogues are classified. How the controller automatically classifies rogues is here: https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Rogue-Classification-on-AOS-6-0
You can configure something called a "Valid SSID" which means that the controller will allow devices to connect to that SSID. You can then block traffic from connecting to anything but Valid SSIDs.
The controller normally looks at client associations to contain devices, so even if you can see powerful access points from far away, if the controller cannot see the client associating to it, it will not do anything. If it can see your users attempting to associate to it, and you have protection on, it can stop those users, however.
You can define a specific SSID as a Valid SSID to keep it from being blocked.
Again, IDS/IPS is a very involved topic and you need to (1) Read the entire chapter on IDS/IPS to fully understand it and (2) Test any scenario before putting it into production so that you do not create any performance issues.