Chapter 15: Intrusion Detection Configuration
FIGURE 15-16 Multi-Tenancy Configuration
Available parameters are:
Disable APs Violating Enterprise SSID List – When an unknown AP is detected advertising a reserved SSID, the AP will be disabled using a denial of service attack.
Valid Enterprise SSID List – A list of reserved SSIDs.
Disable APs Violating Channel Allocation Agreements – When an unknown AP is detected using a reserved channel, the AP will be disabled using a denial of service attack.
Reserved Enterprise Channels – A list of reserved channel numbers.
The equivalent CLI configuration for the example shown above is:
wms
   ap-policy protect-mt-ssid enable
   valid-ssid OurSSID mode enable
   ap-policy protect-mt-channel-split enable
   reserved-11b-channel 1 mode enable
MAC OUI Checking
AOS-W provides the ability to match MAC addresses seen in the air with
known manufacturers. The first three bytes of a MAC address are known as
the MAC OUI (Organizationally Unique Identifier) and are assigned by the IEEE.
Often, clients using a spoofed MAC address will not use a valid OUI, and
instead use a randomly generated MAC address. By enabling MAC OUI
checking, administrators will be notified if an unrecognized MAC address is in
use. To enable MAC OUI checking, navigate to Configuration > Wireless LAN Intrusion Detection > Policies > MAC OUI, as shown in the figure below.
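
The following is an added illustration of the OUI check described above; it is not AOS-W code and does not show how the switch implements the feature. It goes one step beyond the text by also testing the group and locally administered bits of the first byte, which mark addresses that cannot carry an IEEE-assigned OUI. The OUI table, vendor names, function names and sample addresses are constructed for the example.

```python
import re

# Constructed stand-in for the IEEE OUI registry (vendor names are
# placeholders). Keys are the first three bytes as upper-case hex.
KNOWN_OUIS = {"00000C": "sample vendor A", "000B86": "sample vendor B"}


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with ':', '-', '.' or no separators."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text, known=KNOWN_OUIS):
    """Return (status, detail) for one source MAC address seen in the air."""
    mac = parse_mac(text)
    if mac[0] & 0x01:
        # Group bit set: multicast/broadcast, never a valid station source address.
        return ("group", None)
    if mac[0] & 0x02:
        # Locally administered bit set: the first three bytes are not an
        # IEEE-assigned OUI, so no registry lookup can match them.
        return ("locally-administered", None)
    oui = mac[:3].hex().upper()
    if oui in known:
        return ("known", known[oui])
    return ("unknown-oui", oui)


def unrecognized(macs, known=KNOWN_OUIS):
    """Return (mac, status) for every address that should raise a notification."""
    alerts = []
    for m in macs:
        try:
            status = classify_mac(m, known)[0]
        except ValueError:
            status = "malformed"
        if status != "known":
            alerts.append((m, status))
    return alerts


if __name__ == "__main__":
    # Constructed observations, not captured traffic.
    seen = ["00:0b:86:12:34:56", "0000.0c12.3456", "DE:AD:BE:EF:00:01",
            "F4:F4:F4:00:00:01", "not-a-mac"]
    for mac, status in unrecognized(seen):
        print(f"{mac}: {status}")
```

A real deployment would load the published IEEE registry in place of the two-entry table.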