User`s manual

ManualsBrandsD-Link ManualsComputer equipmentDWL-8220AP - AirPremier Wireless Switch Dualband Access Point

351

352

353

354

355

356

357

358

359

360

346

DWS-1008 User’s Manual

D-Link Systems, Inc.

Rogue Detection and Countermeasures

Rogue Detection Lists

Rogue detection lists specify the third-party devices and SSIDs that MSS allows on the

network, and the devices MSS classies as rogues. You can congure the following rogue

detection lists:

• Permitted SSID list - A list of SSIDs allowed on the network. MSS generates a

message if an SSID that is not on the list is detected.

• Permitted vendor list - A list of the wireless networking equipment vendors whose

equipment is allowed on the network. The vendor of a piece of equipment is identied

by the Organizationally Unique Identier (OUI), which is the rst three bytes of the

equipment’s MAC address. MSS generates a message if an AP or wireless client

with an OUI that is not on the list is detected.

• Client black list - A list of MAC addresses of wireless clients who are not allowed on

the network. MSS prevents clients on the list from accessing the network through

a switch. If the client is placed on the black list dynamically by MSS due to an

association, reassociation or disassociation ood, MSS generates a log message.

• Ignore list - A list of third-party devices that you want to exempt from rogue detection.

MSS does not count devices on the ignore list as rogues or interfering devices, and

does not issue countermeasures against them.

An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs or vendors.

However, when you add an entry to the SSID or vendor list, all SSIDs or vendors that are not

in the list are implicitly disallowed. An empty client black list implicitly allows all clients, and an

empty ignore list implicitly considers all third-party wireless devices to be potential rogues.

All the lists except the black list require manual conguration. You can congure entries in the

black list and MSS also can place a client in the black list due to an association, reassociation

or disassociation ood from the client.

The rogue classication algorithm examines each of these lists when determining whether a

device is a rogue. The gure below shows how the rogue detection algorithm uses the lists.

RF Detection Scans

All radios continually scan for other RF transmitters. Radios perform passive scans and active

scans:

• Passive scans - The radio listens for beacons and probe responses.

• Active scans - The radio sends probe any requests (probe requests with a null SSID

name) to solicit probe responses from other access points.

Passive scans are always enabled and cannot be disabled. Active scans are enabled by

default but can be disabled on a radio-prole basis.