User`s manual
359
DWS-1008 User’s Manual
D-Link Systems, Inc.
Rogue Detection and Countermeasures
Disallowed Devices or SSIDs
You can congure the following types of lists to explicitly allow specic devices or SSIDs:
• Permitted SSID list - MSS generates a message if an SSID that is not on the list is
detected.
• Permitted vendor list - MSS generates a message if an AP or wireless client with an
OUI that is not on the list is detected.
• Client black list - MSS prevents clients on the list from accessing the network through a
switch. If the client is placed on the black list dynamically by MSS due to an association,
reassociation or disassociation ood, MSS generates a log message.
By default, these lists are empty and all SSIDs, vendors, and clients are allowed.
Displaying Statistics Counters
To display IDS and DoS statistics counters, use the show rfdetect counters commands.
IDS Log Message Examples
The table below shows examples of the log messages generated by IDS.
Message Type Example Log Message
Probe message
ood
Client aa:bb:cc:dd:ee:ff is sending probe
message ood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.
Authentication
message ood
Client aa:bb:cc:dd:ee:ff is sending authentication
message ood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.
Null data
message ood
Client aa:bb:cc:dd:ee:ff is sending null data
message ood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.
Management
frame 6 ood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt
frame 6 message ood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.