Wireless Access

Hi guys, i am doing POC of WIPS where customer have Cisco wireless environment. My controller has only AMs deployed and i do have rfprotect license. I am doing this without airwave first.
I have issue with the ap classification where the classification is very inconsistent. My classification rule sets all SSID as neighbor and then cust will re-set them manually to either valid or rogue but my controller most of the time will put all SSID to interfering by default. I need to know what causes this?

What is your classification rule?

 

This is actually not simple.  We would first need to know what you have configured, what commands your customer used to make changes and what APs have entered and left the area to know what exactly is going on.  It would be hard to guess exactly what is going on.

 

Let's start with what you are testing and maybe we can take it from there..

 

Have you seen the rogue AP definitive guide?  https://community.arubanetworks.com/aruba/attachments/aruba/ControllerBasedWLANs/47/2/PDFRogueAPGuide.pdf

 

 

Hi Colin,

Customer is a Cisco wireless user. They have no Aruba AP. I am testing to use Aruba AM to protect all their valid SSID and then terminate all other SSIDs.

The testing today wasnt so smooth, all SSID whatever it was classifiefld to (rogue, manual contain, valid, neighbor) always get terminated when i turned on the wireless termination. (Both tarpit and deauth only gave me same result).

Currently my biggest problem is my client get terminated even when it is classified in either valid or neighbor.

Client classification should not really matter in your situation (rogue/valid).  AP classification is what is important protect SSID.  You need to make the AP BSSIDs Valid for what you are trying to do, and the client should not get terminated.  In a 100% Aruba situation APs that terminate on the controller would automatically be labeled as valid.

 

Making a client Valid will not stop it from being deauthed or tarpitted if there is a rule preventing Valid Clients from connecting to an AP, really.  Clients would be marked Valid automatically if they connected to an Aruba AP with encyption, but it does not apply in this circumstance.

If you want an environment where connections are only allowed to your customer's SSIDs, use the configuration in the screenshot, where SSID1 and SSID2 are your customer's SSIDs:

Mark all of your customer's APs as Valid before you do this.

 

I need to let you know that in some countries there are strict rules against interrupting wifi traffic and your customer should get some legal advice about what they can and cannot do.

http://community.arubanetworks.com/t5/Wireless-Access/The-FCC-has-clarified-their-stance-on-wireless-containment-but/m-p/226286

 

Hi Collin,

 

few questions:

1. Do i not need to fill that valid channel config?

2. If i put the valid SSID there, will the SSID be put to valid automatically?(even if it not Aruba's)

3. in below screenshot, i have all my SSID as neighbors and Valid but i still get deauth containment message.

 

 

here is my config

update: i have tested to upgrade my controller to 6.5.1.9 and 6.5.4.3 but i am still seeing same issue.

My valid and neighbor non-Aruba SSIDs still get deauth containment from the AM.

is there additional config i might be missing? i have check protect SSID and put all the valid ssid under protect valid.