User`s manual
350
DWS-1008 User’s Manual
D-Link Systems, Inc.
Rogue Detection and Countermeasures
Active scan Active scan sends probe any
requests (probes with a null SSID
name) to look for rogue APs.
Active scan is congurable on a
radio-prole basis.
Yes No
D-Link AP
signature
Value in an AP’s management
frames that identies the AP to
MSS. AP signatures help prevent
spoong of the AP MAC address.
No No
Log messages
and traps
Messages and traps for rogue
activity.
Yes Yes
Conguring Rogue Detection Lists
The following sections describe how to congure lists to specify the devices that are allowed
on the network and the devices that MSS should attack with countermeasures.
Conguring a Permitted Vendor List
The permitted vendor list species the third-party AP or client vendors that are allowed on the
network. MSS does not list a device as a rogue or interfering device if the device’s OUI is in
the permitted vendor list.
By default, the permitted vendor list is empty and all vendors are allowed. If you congure a
permitted vendor list, MSS allows only the devices whose OUIs are on the list. The permitted
vendor list applies only to the switch on which the list is congured. DWS-1008 switches do
not share permitted vendor lists.
To add an entry to the permitted vendor list, use the following command:
set rfdetect vendor-list {client | ap} mac-addr
The following command adds an entry for clients whose MAC addresses start with aa:bb:
cc:
DWS-1008# set rfdetect vendor-list client aa:bb:cc:00:00:00
success: MAC aa:bb:cc:00:00:00 is now in client vendor-list.
The trailing 00:00:00 value is required.
To display the permitted vendor list, use the following command:
show rfdetect vendor-list