Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

451

452

453

454

455

456

457

458

459

460

Configuring Rogue Detection Lists

22-6 Rogue Detection and Countermeasures

Configuring Rogue Detection Lists

Thefollowingsectionsdescribehowtoconfigureliststospecifythedevicesthatareallowedon

thenetworkandthedevicesthatMSSshouldattackwithcountermeasures.

(ForinformationabouthowMSSusesthelists,see“RogueDetectionLists”onpage 22‐2.)

Configuring a Permitted Vendor List

Thepermittedvendorlistspecif iesthethird‐partyAPorclientvendorsthatareallowedonthe

network.MSSdoesnotlistadeviceasarogueorinterferingdeviceifthedevice’sOUIisinthe

permittedvendorlist.

Bydefault,thepermittedvendorlistisemptyandallvendors

areallowed.Ifyouconfigurea

permittedvendorlist,MSSallowsonlythedeviceswhoseOUIsareonthelist.Thepermitted

vendorlistappliesonlytotheRASonwhichthelistisconfigured.RoamAboutswitchesdonot

sharepermittedvendorlists.

Toaddanentrytothepermittedvendor

list,usethefollowingcommand:

set rfdetect vendor-list {client | ap} mac-addr

Examples

ThefollowingcommandaddsanentryforclientswhoseMACaddressesstartwithaa:bb:cc:

RBT-8100# set rfdetect vendor-list client aa:bb:cc:00:00:00

success: MAC aa:bb:cc:00:00:00 is now in client vendor-list.

The trailing 00:00:00 value is required.

Ignore list List of MAC addresses to ignore during RF

detection. MSS does not classify devices on

this list as rogues or interfering devices, and

does not issue countermeasures against them.

Yes Yes

Countermeasures Packets sent by Enterasys APs to interfere with

the operation of a rogue.

Countermeasures are configurable a radio-

profile basis.

Yes Yes

Active scan Active scan sends probe any requests (probes

with a null SSID name) to look for rogue APs.

Active scan is configurable on a radio-profile

basis.

Yes No

Enterasys AP signature Value in an AP’s management frames that

identifies the AP to MSS. AP signatures help

prevent spoofing of the AP MAC address.

No No

Log messages and traps Messages and traps for rogue activity.

Messages are described in “IDS and DoS

Alerts” on page 22-12.

Yes Yes

Table 22-1 Rogue Detection Features (continued)

Rogue Detection Feature Description

Applies To

Third-Party APs Clients