Specifications
Rogue Access Point Detection
Summit WM20 Technical Reference Guide, Software Version 4.222
● A “known” Wireless AP with an unknown SSID has been detected that the Summit WM
Controller has identified as not in service (stolen?)
With each event, the following information will be reported:
● Scanning Wireless AP Name & Scan Group
● Detection Date and Time
● Rogue SSID and Channel
● Signal Strength (RSSI)
● Security/Encoding type (for example, WEP, 802.1x, none, and so on)
This information is available through SNMP, or by viewing a report screen. In addition, a pop-up
summary window shows all potential problem areas on a single screen.
NOTES: A Few Points Related to Summit WM series Spy and Rogue Systems in General.
● In future releases, the capabilities of the Summit WM Controller’s Summit WM series Spy Tool will be
expanded to include graphic representation of the Rogue devices that are detected (rogue location
will be plotted on imported floor plans or mapping).
● However, graphic plotting of a rogue device is not necessarily a “no-brainer” in terms of tracking
down and dealing with rogues. The most common method used in graphic plotting is software-driven
calculation that approximates location based on RSSI values reported by multiple APs
finding the same rogue device (RSSI triangulation). The problem is that unless the rogue
discovery tool uses very sophisticated algorithms and the AP / Rogue seek design was established
during initial survey/setup (vs. post implementation), many factors could compromise
the accuracy (sometimes significantly), such as the way that building materials affect the RSSI
values noted by APs in the same general area, multipath, etc.
● Because accuracy is suspect, an administrator will more than likely still have to hunt the
rogue in person with a handheld/laptop to find the exact location. So, even using just the Summit
WM Controller’s Summit WM series Spy information (mentally weighing and plotting RSSI values from the
scan group APs), an administrator can locate a rogue just as easily as with graphic tools.
● Some other systems address Rogues with a function known as “containment”. While this is a
checkmark in terms of features, there are some problems inherent to this capability that are due to
the method of containment. Most containment is done via RF bombardment or via a ping DoS to the
Rogue device. Unless WLAN gear uses very directional or phased array antenna systems, this
bombardment is not discriminating and therefore affects every device (MUs included) in close
proximity. Also, if a Rogue containment AP is launching an attack (for containment), what is the
service expectation of the client? Lastly, WiFi works in UNLICENSED spectrum, so what if the rogue
that is detected is simply a neighboring WLAN with RF bleed into the scanned space? If a Rogue
containment system attacks this, then it is attacking a co-existing legitimate system operating in open
spectrum (the FCC and CRTC might have something to say about that). No one said that your
WLAN neighbors have to keep their RF in their space.
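
The accuracy problem with RSSI triangulation noted above can be shown numerically. The following is an added example, not code from the guide or the product: it assumes a log-distance path-loss model, an AP layout, a rogue position, and wall-loss values that are all constructed for illustration, and it shows how loss from building materials at a single scanning AP shifts the plotted location.

```python
import math

# Assumed log-distance path-loss model (an assumption, not from the guide):
#   rssi = TX_REF - 10 * N * log10(d), with d in metres
TX_REF = -40.0  # assumed RSSI at 1 m, dBm
N = 3.0         # assumed indoor path-loss exponent
# Constructed scan group: four APs at the corners of a 30 m x 20 m floor
APS = [(0, 0), (30, 0), (0, 20), (30, 20)]
ROGUE = (22, 7)  # constructed true rogue position

def rssi_at(d, extra_loss_db=0.0):
    """RSSI a scanning AP would report for a rogue d metres away."""
    return TX_REF - 10 * N * math.log10(max(d, 0.1)) - extra_loss_db

def rssi_to_distance(rssi):
    """Invert the model; any unmodelled loss inflates the distance."""
    return 10 ** ((TX_REF - rssi) / (10 * N))

def trilaterate(aps, rssis):
    """Linearised least-squares (x, y) from >= 3 AP positions and RSSIs."""
    d = [rssi_to_distance(r) for r in rssis]
    (x0, y0), d0 = aps[0], d[0]
    # Subtract the first AP's circle equation from the others: A p = b
    rows = [(2 * (x - x0), 2 * (y - y0),
             d0**2 - di**2 + x**2 - x0**2 + y**2 - y0**2)
            for (x, y), di in zip(aps[1:], d[1:])]
    # Normal equations of the 2-unknown least-squares problem
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    g1 = sum(r[0] * r[2] for r in rows)
    g2 = sum(r[1] * r[2] for r in rows)
    det = a11 * a22 - a12 * a12
    return ((a22 * g1 - a12 * g2) / det, (a11 * g2 - a12 * g1) / det)

def location_error(aps, rogue, wall_loss_db):
    """Metres of error when AP i sees wall_loss_db[i] of unmodelled loss."""
    rssis = [rssi_at(math.dist(ap, rogue), loss)
             for ap, loss in zip(aps, wall_loss_db)]
    return math.dist(trilaterate(aps, rssis), rogue)

if __name__ == "__main__":
    for loss in (0, 6, 12):  # dB of wall loss seen only by the AP at (30, 0)
        err = location_error(APS, ROGUE, [0, loss, 0, 0])
        print(f"{loss:>2} dB unmodelled loss -> {err:.2f} m error")
```

In this constructed layout the estimate is exact with no unmodelled loss, and the error grows to metres once a single AP's reading is attenuated. Multipath is not modelled here.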