CLI Reference Guide
422 CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES
To use countermeasures, they must be enabled. You can enable them on
an individual radio profile basis. (See “Configuring a Radio Profile” on
page 245.)
RFDetectUnAuthorizedOUI Indicates that MSS has detected a wireless
device that is not on the list of permitted
vendors.
RFDetectUnAuthorizedAP Indicates that MSS has detected the MAC
address of an AP that is on the attack list.
IDS/DoS notifications
For more information about IDS/DoS, see the “IDS and DoS Alerts” section in the
“Rogue Detection and Countermeasures” chapter of the Wireless LAN Switch and
Controller Configuration Guide.
CounterMeasureStart Indicates that MSS has begun
countermeasures against a rogue AP.
CounterMeasureStop Indicates that MSS has stopped
countermeasures against a rogue access
point.
RFDetetSpoofedMacAP Indicates that MSS has detected a wireless
packet with the source MAC address of a
3Com MAP, but without the spoofed MAP’s
signature (fingerprint).
RFDetectSpoofedSSIDAP Indicates that MSS has detected beacon
frames for a valid SSID, but sent by a rogue
AP.
RFDetectDoS Indicates that MSS has detected a DoS attack
other than an associate request flood,
reassociate request flood, or disassociate
request flood.
RFDetectDoSPort Indicates that MSS has detected an associate
request flood, reassociate request flood, or
disassociate request flood.
RFDetectClientVARogueWiredAP Indicates that MSS has detected, on the wired
part of the network, the MAC address of a
wireless client associated with a third-party
AP.
Table 58 SNMP Notifications for RF Detection
Notification Type Description