Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

451

452

453

454

455

456

457

458

459

460

About Rogues and RF Detection

22-2 Rogue Detection and Countermeasures

About Rogues and RF Detection

RFdetectiondetectsalltheIEEE802.11devicesinaMobilityDomainandcan singleoutthe

unauthorizedrogueaccesspoints.

Rogue Access Points and Clients

Arogueaccesspointisanaccesspointthatisnotauthorizedtooperateinanetwork.Rogueaccess

pointsandtheirclientsunderminethesecurityofanenterprisenetworkbypotentiallyallowing

unchallengedaccesstothenetworkbyanywirelessuserorclientinthephysicalvicinity.Rogue

accesspoints

anduserscanalsointerferewiththeoperationofyourenterprisenetwork.

Rogue Classification

WhenMSSdetectsathird‐partywirelessdevicethatisnotallowedonthenetwork,MSSclassifies

thedeviceasoneofthefollowing:

• Rogue—ThedeviceisintheEnterasysnetworkbutdoesnotbelongthere.

• Interferingdevice—ThedeviceisnotpartoftheEnterasysnetworkbutalsoisnota

rogue.No

clientconnectedtothedevicehasbeendetectedcommunicatingwithanynetworkentity

listedintheforwardingdatabase(FDB)ofanyRASintheMobilityDomain.Althoughthe

interferingdeviceisnotconnectedtoyournetwork,thedevicemightbecausingRF

interferencewithAPradios.

Whenyouenable

countermeasures,youcanspecifywhethertoissuethemagainstroguesand

interferingdevices,oragainstroguesonly.Forexample,ifyoudonotwanttoissue

countermeasuresagainstyourneighbor’swirelessdevices,youcanselecttoissue

countermeasuresagainstroguesonly.RFAuto‐TuningcanautomaticallychangeAPradio

channelsto

workaround interferingdeviceswithoutattackingthosedevices.

Rogue Detection Lists

Roguedetectionlistsspecifythethird‐partydevicesandSSIDsthatMSSallowsonthenetwork,

andthedevicesMSSclassifiesasrogues.Youcanconfigurethefollowingroguedetectionlists:

• PermittedSSIDlist—AlistofSSIDsallowedintheMobilityDomain.MSSgeneratesa

messageifanSSIDthatis

notonthelistisdetected.

• Permittedvendorlist—Alistofthewirelessnetworkingequipmentvendorswhose

equipmentisallowedonthenetwork.Thevendorofapieceofequipmentisidentifiedbythe

OrganizationallyUniqueIdentifier(OUI),whichisthefirstthreebytesoftheequipment’s

MACaddress.MSSgenerates

amessageifanAPorwirelessclientwithanOUIthatisnoton

thelistisdetected.

•Clientblacklist—AlistofMACaddressesofwirelessclientswhoarenotallowedonthe

network.MSSpreventsclientsonthelistfromaccessingthenetworkthroughaRAS.Ifthe

clientisplacedontheblacklistdynamicallybyMSSduetoanassociation,reassociationor

disassociationflood,MSSgeneratesalogmessage.

• Ignorelist—Alistofthird‐partydevicesthat youwanttoexemptfromroguedetection.MSS

doesnotcountdevicesontheignorelistasroguesorinterferin g

devices,anddoesnotissue

countermeasuresagainstthem.