104 | Aruba Configuration Reference AirWave Wireless Management Suite | Configuration Guide
Profiles > IDS > Unauthorized Device
Unauthorized device detection includes the ability to detect and disable rogue APs and other devices that
can potentially disrupt network operations.
The most important IDS functionality offered in the Aruba system is the ability to classify an AP as either a
rogue AP or an interfering AP. An AP is considered to be a rogue AP if it is both unauthorized and plugged
into the wired side of the network. An AP is considered to be an interfering AP if it is seen in the RF
environment but is not connected to the wired network. While the interfering AP can potentially cause RF
interference, it is not considered a direct security threat since it is not connected to the wired network.
However, an interfering AP may be reclassified as a rogue AP.
You can enable a policy to automatically disable APs that are classified as a rogue APs by the Aruba system.
When a rogue AP is disabled, no wireless stations are allowed to associate to that AP.
Perform these steps to create IDS
Unauthorized Device profiles.
1. Click
Profiles > IDS > Unauthorized Devices in the Aruba Navigation pane.
2. Click the
Add button to create a new Unauthorized Devices profile, or click the pencil icon next to an
existing profile to edit. The
Details page appears. Complete the settings as described in Table 36:
Rogue device classification for Aruba WMS Offload infrastructure is also described in the AWMS User Guide.
Table 36 Aruba Configuration > Profiles > IDS > Unauthorized Devices Profile Settings
Field Default Description
General Settings
Folder Top Use this field to set and display the folder with which the profile is
associated. The drop-down menu displays all folders available for
association with the profile.
Folders provide a way to organize the visibility of device parameters that is
separate from the configuration groups of devices. Using folders, you can
view basic statistics about device, and define which users have visibility to
which device parameters.
Name Blank Enter the name of the profile.
Other Settings
Detect Adhoc
Networks
Yes Enable or disable detection of adhoc networks.
Protect from Adhoc
Networks
No Enable or disable protection from adhoc networks. When adhoc networks
are detected, they are disabled using a denial of service attack.
Detect Windows
Bridge
Yes Enable or disable detection of Windows station bridging.
Detect Wireless
Bridge
Yes Enable or disable detection of wireless bridging.
Detect Devices with
An Invalid MAC OUI
No Enable or disable the checking of the first three bytes of a MAC address,
known as the MAC organizationally unique identifier (OUI), assigned by the
IEEE to known manufacturers. Often clients using a spoofed MAC address
do not use a valid OUI and instead use a randomly generated MAC
address. Enabling MAC OUI checking causes an alarm to be triggered if an
unrecognized MAC address is in use.
To Next Page
Loading...
