Aruba Central allows users to configure exclusions for Intrusion Detection System (IDS) containment based on vendor-specific IE information. An IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. This feature allows APs to be exempted from containment even when the devices use randomized Media Access Control (MAC) addresses. A MAC address is a unique identifier assigned to network interfaces for communications on a network.
To exempt APs from containment, users should configure the vendor Organizationally Unique Identifier (OUI) and OUI type in the IDS unauthorized device profile. Synonymous with company ID or vendor ID, an OUI is a 24-bit, globally unique assigned number, referenced by various standards. The first half of a MAC address is the OUI. A maximum of five vendor OUI and OUI types can be defined for confinement exclusion.
To define vendor OUI and OUI type for confinement exclusion, complete the following steps:
- In the Aruba Central app, create a template group from the Groups page under Maintain > Organization page.
For more information on creating template groups, see Creating a Template Group.
- Set the filter to the newly created group.
- Under , click > .
- Click the
The tabs to configure the APs are displayed.
- Click + in the Templates page.
The Add template window is displayed.
- In the Basic Info page, enter the Template Name. You can optionally select the model and version of the APs.
The Template Configuration page is displayed.
- Configure the vendor-specific IE exclusions under ids using the vendor-specific-ie-exclusion <oui> <oui_type> command.
The following example shows a sample vendor-specific IE exclusion template. Template groups allow you to configure multiple IE exclusions under IDS.
vendor-specific-ie-exclusion 00:03:7F 1
vendor-specific-ie-exclusion AA:BB:CC 123
vendor-specific-ie-exclusion 00:11:22 21
- Save the template.
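A pre-save check for the exclusion lines described above, written as an added example and not taken from Aruba's documentation or tooling. The function name lint_exclusions is hypothetical, and the 0-255 range for the OUI type is an assumption (a one-octet type field); the limit of five comes from this page.

```python
import re

MAX_EXCLUSIONS = 5  # maximum stated on this page
LINE_RE = re.compile(r"^vendor-specific-ie-exclusion\s+(\S+)\s+(\S+)$")
OUI_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){2}$")

# The three sample lines shown on this page.
PAGE_SAMPLE = """\
vendor-specific-ie-exclusion 00:03:7F 1
vendor-specific-ie-exclusion AA:BB:CC 123
vendor-specific-ie-exclusion 00:11:22 21
"""

def lint_exclusions(template_text):
    """Return (entries, problems) for the exclusion lines in a template."""
    entries, problems = [], []
    for lineno, raw in enumerate(template_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("vendor-specific-ie-exclusion"):
            continue  # other template commands are out of scope here
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: expected <oui> <oui_type>")
            continue
        oui, oui_type = m.group(1).upper(), m.group(2)
        if not OUI_RE.match(oui):
            problems.append(f"line {lineno}: OUI {oui!r} is not XX:XX:XX hex")
            continue
        # Assumption: the OUI type is a single octet, so 0-255.
        if not re.fullmatch(r"[0-9]{1,3}", oui_type) or int(oui_type) > 255:
            problems.append(f"line {lineno}: OUI type {oui_type!r} not in 0-255")
            continue
        entry = (oui, int(oui_type))
        if entry in entries:
            # Case-insensitive duplicates waste one of the five slots.
            problems.append(f"line {lineno}: duplicate exclusion {oui} {oui_type}")
            continue
        entries.append(entry)
    if len(entries) > MAX_EXCLUSIONS:
        problems.append(
            f"{len(entries)} exclusions defined, maximum is {MAX_EXCLUSIONS}")
    return entries, problems

if __name__ == "__main__":
    print(lint_exclusions(PAGE_SAMPLE))
```

Because every accepted entry exempts matching devices from containment, the returned entries list is also a convenient record to review against the vendors the exclusion is actually intended for.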