Specifications
Summit WM20 Technical Reference Guide, Software Version 4.2 21
2 Rogue Access Point Detection
The Rogue AP detection feature provides capabilities to Summit WM Controllers that allow Wireless
APs to periodically scan the RF space and report suspect devices. With this capability, Wireless APs can
multitask as scan devices as well as access points. This allows rogue detection to occur without
installing expensive overlay sensor networks. The Summit WM Controller rogue detection system
comprises two major components: the Data Collector and the Analysis Engine.
The Data Collector runs on Summit WM Controllers and is responsible for initiating the rogue scans
and compiling information received from all Wireless APs under its control.
The Analysis Engine is the brains of this function and runs on one Summit WM Controller in the
network. It polls the Data Collector periodically (default is every 5 seconds) and analyzes the polled
data to identify new devices. It also uses the polled data to build a table of known “friendly” Wireless
APs and 3rd-party Access Points. On subsequent scans, new devices are identified and compared to the
“friendly” list, and differences are flagged as potential rogues. The Analysis Engine also includes a GUI
that allows users to manually add or remove devices from the system, or to reclassify a device identified
as a potential rogue as “friendly” once the proper designation of the device is determined.
A Wireless AP is assigned to a “scan group” that has a particular set of “scan parameters.” Different
groups can be defined so that the administrator can assign Wireless APs to logical groups to address
either different geographic needs (that is, only scan certain buildings at certain times) or coverage issues
(only scan with half of the Wireless APs in a given area at a given time). The algorithms and
mechanisms for RF scanning have been designed to minimize the impact on user data. A GUI is also
provided that allows an administrator to configure the frequency at which the Wireless APs within a
scan group initiate a scan (minimum 1 minute, maximum 120 minutes).
Upon completion of the scan, the Wireless AP will send back the results to the Summit WM Controller
and then wait for the next “scan interval” to repeat the process.
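As an added example that is not part of the guide, a simplified Python model of the Analysis Engine's comparison step: each record polled from the Data Collector is checked against the “friendly” table and the deployment's valid SSIDs, and mapped to the alarm conditions this section lists. The record fields, the table layout, the function names and the sample BSSIDs are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanRecord:
    bssid: str      # BSSID/MAC seen in the beacon
    ssid: str       # SSID being advertised
    ad_hoc: bool    # True when the beacon announces an IBSS (ad-hoc) network

# Constructed "friendly" table (assumed layout): BSSID -> (device kind, in service?)
FRIENDLY = {
    "00:11:22:33:44:01": ("wireless_ap", True),   # managed Wireless AP, in service
    "00:11:22:33:44:02": ("wireless_ap", False),  # managed Wireless AP, out of service
    "00:11:22:33:44:03": ("third_party", True),   # known 3rd-party AP
}
VALID_SSIDS = {"CORP-WLAN", "CORP-GUEST"}          # SSIDs this deployment serves

def classify(rec):
    """Map one scan record to (condition, severity); None means friendly."""
    if rec.ad_hoc:
        return ("Device in ad-hoc mode (IBSS)", "Major")
    ssid_ok = rec.ssid in VALID_SSIDS
    if rec.bssid not in FRIENDLY:
        return ("Unknown AP with a valid SSID" if ssid_ok
                else "Unknown AP with an invalid SSID", "Critical")
    kind, in_service = FRIENDLY[rec.bssid]
    if not in_service:  # a known Wireless AP that should not be beaconing at all
        return ("Inactive Wireless AP with known SSID" if ssid_ok
                else "Inactive Wireless AP with unknown SSID", "Major")
    if ssid_ok:
        return None     # known device on a valid SSID: nothing to report
    if kind == "third_party":
        return ("Known AP with an invalid SSID", "Critical")
    return ("Known Wireless AP with an invalid SSID", "Major")

def analyze_poll(records):
    """One Analysis Engine pass over a poll: [(bssid, condition, severity), ...]."""
    flagged = []
    for rec in records:
        result = classify(rec)
        if result is not None:
            flagged.append((rec.bssid, *result))
    return flagged

SAMPLE_POLL = [  # constructed results of one scan interval, as polled from the Data Collector
    ScanRecord("00:11:22:33:44:01", "CORP-WLAN", False),   # friendly, no alarm
    ScanRecord("aa:bb:cc:dd:ee:01", "CORP-WLAN", False),   # unknown AP on our SSID
    ScanRecord("00:11:22:33:44:01", "FREE-WIFI", False),   # our MAC, foreign SSID
    ScanRecord("00:11:22:33:44:02", "CORP-WLAN", False),   # out-of-service AP beaconing
    ScanRecord("aa:bb:cc:dd:ee:02", "laptop-adhoc", True), # ad-hoc (IBSS) client
]
```

In the real system each flagged entry would also be logged and raised as an SNMP trap; here `analyze_poll` simply returns the list so the classification can be inspected.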
If a problem is found, an event is logged and an SNMP trap is generated indicating that one of the
following conditions has been identified:
1 Unknown AP with an invalid SSID – Critical Alarm
a A new device has been identified.
2 Unknown AP with a valid SSID – Critical Alarm
a Someone may be trying to attract users by broadcasting a known SSID.
3 Known AP with an invalid SSID – Critical Alarm
a A rogue may be spoofing a known MAC address.
4 Known Wireless AP with an invalid SSID – Major Alarm
a A rogue may be spoofing a Wireless AP using a known MAC address.
5 Device that is in ad-hoc mode (IBSS) – Major Alarm
a A client configured in ad-hoc mode has been identified.
6 Inactive Wireless AP with known SSID – Major Alarm
a A “known” Wireless AP has been detected that the Summit WM Controller has identified as not
in service (stolen?).
7 Inactive Wireless AP with unknown SSID – Major Alarm