Wireless Access

Helo,

I am looking through the USer guide for 3.2 and 6.1 OS and I could not find the specifics on how to configure detecting a wired rogue AP. It does say something about gateways and switches but does not go further into the detail. How does wired rogue AP detection work? How can it be configured? We are using 6.1 OS. Thanks.

You should not have to configure it.

With only the base license (without the RF Protect License), you just need to make sure that there is an access point on every layer2 wired subnet you want to protect, and make sure each access point would be able to "hear" rogue APs in your environment.

WITH the RFprotect license, you can run the WIPs Wizard to provide additional functionality to Rogue AP detection.

Hi,

We have the RF protect license. So if I wire an AP to a switch that contains VLAN 1 only for example (all ports are in VLAN 1), then any broadcast will be heard by the AP and sent to the controller? If so, will the controller automatically learn what is a rogue AP just because it hears the OUI and MAC address both on the wireless and wired side? 

---

@baboyero wrote:

Hi,

 

We have the RF protect license. So if I wire an AP to a switch that contains VLAN 1 only for example (all ports are in VLAN 1), then any broadcast will be heard by the AP and sent to the controller? If so, will the controller automatically learn what is a rogue AP just because it hears the OUI and MAC address both on the wireless and wired side? 

---

1.  yes.

2.  yes

We have about 100-160 vlans within our network and potentially anyone can plug in a rogue AP into one of our switch ports. Can the 100-160 VLANs within the maximum number of VLANs an Aruba 6000 controller can handle for rogue AP detection? What performance degradation should we concerned about? Thanks.  

You can probably trunk all vlans to a port-channel which would effectively allow your APs to hear on all VLANS.

In terms of performance degradation, I am unsure.

Why so many vlans?