Specifications

About Rogues and RF Detection

RoamAbout Mobility System Software Configuration Guide 22-3

AnemptypermittedSSIDlistorpermittedvendorlistimplicitlyallowsallSSI Dsorvendors.

However,whenyouaddanentrytotheSSIDorvendorlist,allSSIDsorvendorsthatarenotin

thelistareimplicitlydisallowed.Anempty clientblacklistimplicitlyallowsallclients,andan



emptyignorelistimplicitlyconsidersallthird‐partywirelessdevicestobepotentialrogues.

Allthelistsexcepttheblacklistrequiremanualconfiguration.Youcanconfigureentriesinthe

blacklistandMSSalsocanplaceaclientintheblacklistduetoanassociation,reassociationor

disassociation

floodfromtheclient.

Therogueclassificationalgorithmexamineseachoftheselistswhendeterminingwhethera

deviceisarogue.Figure 22‐1onpage 22‐3showshowtheroguedetectionalgorithmusesthelists.

Figure 22-1 Rogue Detection Algorithm

AP radio detects wireless packet.

Yes

Source MAC in

SSID in Permitted

Ignore List?

Device is not a threat.

SSID List?

Yes

OUI in Permitted

Vendor List?

Source MAC in

Attack List?

Generate an alarm.

Classify device as a rogue.

Yes

Issue countermeasures

(if enabled).

Rogue classification

Yes

algorithm deems the

device to be a rogue?