User's Manual Part 1

18 HotPoint 5000 User Guide January 2011
Security
Basic
Rogue AP Detection
Unidentied access points that use the SSID of a legitimate network can present a serious security threat. Detecting rogue ac-
cess points involves scanning the wireless environment on all available channels, looking for unidentied access points. These
settings are applied to all managed APs.
An AP is dened as rogue if all of the following are true:
1. AP’s Radio BSSID is observed by any of the managed APs,
2. AP is seen transmitting on the Ethernet side on the same L2 as the APs.
3. At least one client is connected to the AP.
Any AP not meeting all of the conditions above is classied as a neighbor. Neighbor APs can be rogue; until a client connects
it is not possible to determine whether the AP is rogue or not.
Neighbor APs as well as rogue APs will be detected and maintained in the controller. The controller also maintains a current
count of the rogue APs as well as of the rogue APs seen in the last 24 hours. All neighbor as well as rogue APs will be displayed, up to
a maximum of 512 APs.
Neighbor and rogue APs are detected by scanning, and the AP is off-channel during this time. Because the detection interval is
long, it will take at least one such interval (and possibly more) for a rogue or neighbor AP to be detected and appear.
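The classification rule and the controller's two rogue counts can be modeled as follows. This is an added example, not HotPoint or FWC2050 code; the record fields, the Tracker class, the rogue-first display order and the treatment of "current" as the latest classification are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_DISPLAYED = 512   # display limit stated in the manual
DAY = 24 * 3600       # seconds

@dataclass
class Observation:      # hypothetical scan record; field names are assumptions
    bssid: str
    seen_on_air: bool   # 1. radio BSSID observed by a managed AP
    seen_on_wire: bool  # 2. seen transmitting on the same L2 Ethernet segment
    clients: int        # 3. clients currently connected to the AP
    ts: float           # observation time in seconds

def classify(o: Observation) -> str:
    """Rogue only if all three conditions hold; anything else is a neighbor."""
    return "rogue" if o.seen_on_air and o.seen_on_wire and o.clients >= 1 else "neighbor"

@dataclass
class Tracker:
    state: dict = field(default_factory=dict)       # bssid -> latest classification
    last_rogue: dict = field(default_factory=dict)  # bssid -> last time classified rogue

    def ingest(self, o: Observation) -> str:
        cls = self.state[o.bssid] = classify(o)
        if cls == "rogue":
            self.last_rogue[o.bssid] = o.ts
        return cls

    def current_rogues(self) -> int:
        return sum(c == "rogue" for c in self.state.values())

    def rogues_last_24h(self, now: float) -> int:
        return sum(now - t <= DAY for t in self.last_rogue.values())

    def displayed(self) -> list:
        # Assumption: rogues are listed first, then the list is cut at the limit
        rows = sorted(self.state.items(), key=lambda kv: kv[1] != "rogue")
        return rows[:MAX_DISPLAYED]

# Constructed sample observations (not real scan data)
SAMPLE = [
    Observation("02:00:00:00:00:01", True, True, 0, 0),     # on air and wire, no client yet
    Observation("02:00:00:00:00:02", True, False, 3, 0),    # clients, but not on our L2
    Observation("02:00:00:00:00:03", True, True, 1, 0),     # all three conditions hold
    Observation("02:00:00:00:00:01", True, True, 1, 3600),  # a client connects: now rogue
    Observation("02:00:00:00:00:03", True, True, 0, 7200),  # client leaves: back to neighbor
]

def run_sample():
    t = Tracker()
    classes = [t.ingest(o) for o in SAMPLE]
    return classes, t.current_rogues(), t.rogues_last_24h(now=7200), t.displayed()
```

The first and fourth sample records show why a neighbor cannot be cleared as harmless: the same BSSID moves from neighbor to rogue as soon as a client associates.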
Rogue AP Detection: Disabled by default.
Rogue Detection Interval: The interval at which Rogue Detection is required to run on the FWC2050. The default Rogue Detection
Interval is “Low”.
Alert Severity: Sets the severity of the alarm when Rogue APs are detected.