332
| Intrusion Detection
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Containment Methods
You can enable wired and wireless containments to prevent unauthorized stations from connecting to your
Instant network.
Instant supports the following types of containment mechanisms:
l
Wired containment—When enabled, IAPs generate ARP packets on the wired network to contain wireless
attacks.
n
wired-containment-ap-adj-mac—Enables a wired containment to Rogue IAPs whose wired interface MAC
address is offset by one from its BSSID.
n
wired-containment-susp-l3-rogue—Enables the users to identify and contain an IAP with a preset MAC
address that is different from the BSSID of the IAP, if the MAC address that the IAP provides is offset by
one character from its wired MAC address.
Enable the
wired-containment-susp-l3-rogue
parameter only when a specific containment is required, to
avoid a false alarm.
l
Wireless containment—When enabled, the system attempts to disconnect all clients that are connected or
attempting to connect to the identified Access Point.
n
None—Disables all the containment mechanisms.
n
Deauthenticate only—With deauthentication containment, the Access Point or client is contained by
disrupting the client association on the wireless interface.
n
Tarpit containment—With Tarpit containment, the Access Point is contained by luring clients that are
attempting to associate with it to a tarpit. The tarpit can be on the same channel or a different channel
as the Access Point being contained.
Figure 98
Containment Methods