Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

461

462

463

464

465

466

467

468

469

470

Enabling AP Signatures

22-12 Rogue Detection and Countermeasures

Enabling AP Signatures

AnAPsignatureisasetofbitsinamanagementfram esentbyanAPthatidentifiesthatAPto

MSS.IfsomeoneattemptstospoofmanagementpacketsfromanEnterasysAP,MSScandetect

thespoofattempt.

APsignaturesaredisabledbydefault.Toenableordisablethem,use

thefollowingcommand:

set rfdetect signature {enable | disable}

ThecommandappliesonlytoAPsmanagedbytheRASonwhichyouenterthecommand.To

enablesignaturesonallAPsinaMobilityDomain,enterthecommandoneachRASinthe

MobilityDomain.

Disabling or Reenabling Logging of Rogues

Bydefault,aRASgeneratesalogmessagewhenarogueisdetectedordisappears.Todisableor

reenablethelogmessages,usethefollowingcommand:

set rfdetect log {enable | disable}

Todisplaylogmessagesonaswitch,usethefollowingcommand:

show log buffer

(Thiscommandhasoptionalparameters.Forcompletesyntaxinformation,seetheRoamAbout

MobilitySystemSoftwareCommandLineInterfaceReference.)

Enabling Rogue and Countermeasures Notifications

Bydefault,allSNMPnotifications(informsortraps)aredisabled.Toenableordisable

notificationsforroguedetection,IntrusionDetectionSystem(IDS),andDenial ofService(DoS)

protection,configureanotificationprofilethatsendsallthenotificationtypesforthesefeatures.

(Forsyntaxinformationandanexample,see“Configuringa

NotificationProfile”onpage 6‐5.)

IDS and DoS Alerts

MSScandetectillegitimatenetworkaccessattemptsandattemptstodisruptnetworkservice.In

response,MSSgeneratesmessagesandSNMPnotifications.Thefollowingsectionsdescribethe

typesofattacksandsecurityrisksthatMSScandetect.

Forexamplesofthelogmessagestha tMSSgenerateswhenDoSattacksorothersecurity

risksare

detected,see“IDSLogMessageExamples”onpage 22 ‐15.

Forinformationaboutthenotifications,see“ConfiguringaNotificationProfile”onpage 6‐5.

Note: You must use the same AP signature setting (enabled or disabled) on all RoamAbout

switches in a Mobility Domain.

Note: To detect DoS attacks, active scan must be enabled. (See “Disabling or Reenabling Active

Scan” on page 22-11.)