Wireless Access

Contributor I

WIPS on APs only

I have a network that has 1200 APs and 500 AMs. I can tarpit rogue SSIDS currently. I have a requirement from my customer that for the time being, we only want to tarpit rogues using the APs. Not the AMs.


I know this wont work well and that APs can only tarpit on the channel they are serving and all that. But this is what I have to do.


Is there a way in AMP or the controller, to specify to only allow APs to deauth and tarpit rogues?



Guru Elite

Re: WIPS on APs only

You only configure your IDS tarpitting policies in AP groups that have access point Rd, not air monitors. As an aside, tarpitting is meant to require very few resources, so it does not matter. If anything a user would want their AMs to do ids/IPS. Lastly, customers need to be careful and consult their own legal authority to understand how they can and cannot deploy IDS/IPS within their own environments: http://community.arubanetworks.com/t5/Wireless-Access/The-FCC-has-clarified-their-stance-on-wireless-containment-but/m-p/226342#M46143

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Contributor I

Re: WIPS on APs only

AH! So in my AM groups just set them to none?

Search Airheads
Showing results for 
Search instead for 
Did you mean: