Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

WIPS on APs only

This thread has been viewed 4 times

  • 1.  WIPS on APs only

    Posted May 18, 2017 10:45 AM

    I have a network that has 1200 APs and 500 AMs. I can tarpit rogue SSIDS currently. I have a requirement from my customer that for the time being, we only want to tarpit rogues using the APs. Not the AMs.

     

    I know this wont work well and that APs can only tarpit on the channel they are serving and all that. But this is what I have to do.

     

    Is there a way in AMP or the controller, to specify to only allow APs to deauth and tarpit rogues?

     

     



  • 2.  RE: WIPS on APs only

    EMPLOYEE
    Posted May 18, 2017 11:08 AM
    You only configure your IDS tarpitting policies in AP groups that have access point Rd, not air monitors. As an aside, tarpitting is meant to require very few resources, so it does not matter. If anything a user would want their AMs to do ids/IPS. Lastly, customers need to be careful and consult their own legal authority to understand how they can and cannot deploy IDS/IPS within their own environments: http://community.arubanetworks.com/t5/Wireless-Access/The-FCC-has-clarified-their-stance-on-wireless-containment-but/m-p/226342#M46143


  • 3.  RE: WIPS on APs only

    Posted May 18, 2017 12:05 PM

    AH! So in my AM groups just set them to none?