This section contains the following topics:
"Controller Classification with WMS Offload" on page 205
"Device OUI Score" on page 205
"Rogue Device Threat Level" on page 206
"Viewing and Configuring RAPIDS Rules" on page 206
"Recommended RAPIDS Rules" on page 210
"Using RAPIDS Rules with Additional AWMS Functions" on page 210
Controller Classification with WMS Offload
This classification method is supported only when WMS offload is enabled on Aruba WLAN switches. Controller
classification of this type remains distinct from RAPIDS classification. WLAN switches feed wireless device
information to AWMS, which AWMS then processes. AWMS then pushes the WMS classification to all of the
ArubaOS controllers that are WMS offload enabled.
WMS offload ensures that a particular BSSID has the same classification on all of the controllers. WMS offload
removes some load from master controllers and feeds 'connected-to-lan' information to the RAPIDS classification
engine. RAPIDS classifications and controller classifications are separate and often are not synchronized.
Note: RAPIDS classification is not pushed to the devices.
The following table compares how default classification may differ between AWMS and ArubaOS, for scenarios
involving WMS Offload.
Table 103 Rogue Device Classification Matrix
AWMS
Unclassified (default state)
Rogue
Suspected Neighbor
Neighbor
Valid
Contained Rogue
For additional information about WMS Offload, refer to the Aruba Practices Guide.
Device OUI Score
The Organizationally Unique Identifier (OUI) score is based on the LAN MAC address of a device. RAPIDS can
be configured to poll your routers and switches for the bridge forwarding tables. RAPIDS then takes the MAC
addresses from those tables and runs them through a proprietary database to derive the OUI score. The OUI score
of each device is viewable from each rogue's detail page.
Table 104 Device OUI Scores
Score
Score of 1
Dell PowerConnect W AirWave 7.1 | User Guide
Description
Indicates any device on the network; this is the lowest threat level on the network.
AOS (ARM)
Unknown
Rogue
Interfering
Known Interfering
Valid
DOS
Table 104
provides list the OUI scores definitions.
Using RAPIDS and Rogue Classification |
205