User guide

ManualsBrandsExtreme Networks ManualsSwitchSummit WM Series

181

182

183

184

185

186

187

188

189

190

Analysis engine overview

Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 User Guide

183

● Passive – The Altitude AP listens for 802.11 beacons.

8 In the Channel Dwell Time box, type the time (in milliseconds) for the scanner to wait for a

response from either 802.11 beacons in passive scanning, or ProbeResponse in active scanning.

9 In the Scan Time Interval box, type the time (in minutes) to define the frequency at which an

Altitude AP within the Scan Group will initiate a scan of the RF space. The range is from one minute

to 120 minutes.

10 To initiate a scan using the periodic scanning parameters defined above, click Start Scan.

11 To initiate an immediate scan that will run only once, click Run Now.

NOTE

If necessary, you can stop a scan by clicking Stop Scan. A scan must be stopped before modifying any

parameters of the Scan Group, or before adding or removing an Altitude AP from a Scan Group.

12 The Scan Activity box displays the current state of the scan engine.

13 To view a pop-up report showing the timeline of scan activity and scan results, click Show Details.

14 To save your changes, click Save.

Analysis engine overview

The Analysis engine relies on a database of known devices on the Summit WM series switch, access

points, and WLAN switch software system. The Analysis engine compares the data from the RF Data

Collector with the database of known devices.

This database includes the following:

● Altitude APs – Registered with any Summit WM series switch with its RF Data Collector enabled

and associated with the Analysis Engine on this Summit WM series switch.

● Third-party APs – Defined and assigned to a WM-AD.

● Friendly APs – A list created in the Summit spy user interface as potential rogue access points are

designated by the administrator as Friendly.

● Wireless devices – Registered with any Summit WM series switch that has its RF Data Collector

enabled and has been associated with the Analysis Engine on this Summit WM series switch.

The Analysis Engine looks for access points with one or more of the following conditions:

● Unknown MAC address and unknown SSID (critical alarm)

● Unknown MAC, with a valid SSID - a known SSID is being broadcast by the unknown access point

(critical alarm)

● Known MAC, with an unknown SSID - a rogue may be spoofing a MAC address (critical alarm)

● Inactive Altitude AP with valid SSID (critical alarm)

● Inactive Altitude AP with unknown SSID (critical alarm)

● Known Altitude AP with an unknown SSID (major alarm)

● In ad-hoc mode (major alarm)