Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring RAPIDS
Aruba Central RAPIDS Rogue Access Point identification and Detection System. An AMP module that is designed to identify and locate wireless threats by making use of all of the information available from your existing infrastructure. allow users to configure RAPIDS rules to customize classification. Users can configure a predefined set of classification criteria at the global level to determine the classification of a neighboring AP.
To enable RAPIDS, click the Config icon in
and enable the Enable RAPIDS toggle button.The
page displays the default classification rules in a table:
Field |
Description |
---|---|
|
Name of the rule created. |
|
Classification of the detected AP: Rogue Neighbor Suspected Rogue |
|
Status of the rogue detected. |
The default classification rules that are already configured and visible in the table are as follows:
-
Suspected AP On Prem—This rule detects an AP with a signal strength greater than -50 dbm. The AP must either be very close to the network or on the network premises for it to have such high signal strength. Hence, the classification results into a suspected rogue.
-
Hotspot Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. Demotion—This rule detects a rogue device when wireless BSSID Basic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. is seen simultaneously as a wireless client and neighbor AP. The classification results into a suspected rogue.
-
Detected on the wire—This rule detects a rogue device when a wireless BSSID matches a wired MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address reported from one of the managed switches is the network. The classification results into a rogue.
You can reorder the rules in the table by dragging it up or down. AP classification checks the rules from the top of the table, that is, the first rule of the table takes precedence and then moves on to the next and so on. Once a match is found at any point then, that is the resulting classification of the monitored AP. RAPIDS then pushes the final classification back to the Virtual Controller or the AP providing the user a consistent classification value across the network.
To customize the
table, click the icon to select the required columns, or click to set the table to the default columns. To autofit the columns, click the icon and select .Hover over the classification rule and click the icon to delete the rule and click the icon to edit the rule.
Configuring a New Rule
Apart from the default rules that are already configured, you can also configure or add your own rules. To add a rule, complete the following steps:
-
In the Aruba Central app Short form for application. It generally refers to the application that is downloaded and used on mobile devices. , set the filter to .
The dashboard context for the selected filter is displayed.
-
Under
, click .By default, the WIDS Wireless Intrusion Detection System. WIDS is an application that detects the attacks on a wireless network or wireless system. Events table is displayed in the List view.
-
Click the Config icon.
-
Enable the Enable RAPIDS toggle button if you are logging in for the first time. If the toggle button is already enabled, the enable RAPIDS page is displayed.
The already configured classification rules are displayed.
-
Click the icon to add a new rule.
The Add Rule page is displayed.
-
Enter the Rule Name and Classification type, as required.
-
Select the This rule is enabled checkbox, if you want to enable the rule that you are adding.
-
Click the icon to add the conditions and select the configurable classification criteria that can be applied from the Criteria drop-down list.
You can choose multiple criteria for a single rule. For more information on classification criteria, see Rule Classification Criteria.
All the criteria in a single rule is applied together at once. A rule can only be applied if all the criteria in that rule evaluate as a match.
-
Click Save.
Clicking save displays the newly added rule on the Classification Rules table.
Rule Classification Criteria
The following table describes the configurable classification criteria that can be applied to a rule:
Criteria | Description |
---|---|
Signal |
Users can specify a minimum signal strength. The range varies from -85 to 0. |
Detecting AP Count |
The number of detecting APs that can see the rogue device in the network. The range varies from 2 to 255. For example, in a store, there are 4 APs and 1 AP is in the freezer area. AP1, AP2, and AP3 can hear ("see") signals of the rogue device in the network. However, AP4 cannot detect any signals because of the freezer walls hence, in this scenario there are 3 detecting APs for the rogue device. |
WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. Classification |
This criteria results in a match when a classification value received from the detecting device matches any of the devices that are classified under the following values: Valid Interfering Neighbor Rogue Suspected Rogue Manually Contained |
A list of strings are compared to the rogue SSID. This criteria results in a match if the rogue SSID contains any of these substrings. The string characters are case sensitive. |
|
SSID does not contain |
A list of strings are exempted from this rule. This criteria results in a match if the rogue SSID contains any of these substrings. The string characters are case sensitive. |
Known valid SSIDs |
Exact match against all known valid SSIDs configured on the customer's account. |
Plugged into wired network |
For AOS-CX and AOS-PVOS switch customers, a neighbor AP is determined to be plugged into the network by matching a wireless BSSID to a wired MAC address connected to the switch. The wired to wireless MAC correlation is done by matching the first 40 bits of both the MAC addresses. For example, 11:22:33:44:55:61 matches 11:22:33:44:55:11 => 11:22:33:44:55:XX matches 11:22:33:44:55:XX |
Time on network |
Minimum number of minutes since the monitored AP was first seen on the network. |
Site Matches |
There are up to 32 site IDs for which this rule is applied. This criteria results in a match if the device site is not in the "Site excludes" list. |
Site Does not match |
There are up to 32 site IDs for which this rule is skipped. The criteria results in a match if the site IDs are mutually exclusive between the "Site includes" and "Site excludes" lists. |
Band |
The radio band Band refers to a specified range of frequencies of electromagnetic radiation. of the monitored AP. |
Valid client MAC match |
Match any monitored BSSID against the current valid station cache list. This must be an exact match. |
Encryption |
Encryption: OPEN, WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. , WPA Wi-Fi Protected Access. WPA is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption. , WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. , WPA3 |