Manualshelf

User's Manual

ManualsBrandsRiverbed Technology ManualsElectronicsXirrus Wireless Array
351352353354355356357358359360
Table Of Contents
Wireless Array
Configuring the Wireless Array 331
About Blocking Rogue APs
If you classify a rogue AP as bloc
ked (see “Rogue Control List” on page 240), then
the Array will take measures to prevent stations from staying associated to the
rogue. When the monitor radio is scanning, any time it hears a beacon from a
blocked rogue it sends out a broadcast “deauth” signal using the rogue's BSSID
and source address. This has the effect of disconnecting all of a rogue AP’s clients
approximately every 5 to 10 seconds, which is enough to make the rogue
frustratingly unusable.
The Advanced RF Settings window allows you to set up Auto Block parameters
so that unknown APs get the same treatment as explicitly blocked APs. This is
basically a “shoot first and ask questions later” mode. By default, auto blocking is
turned off. Auto blocking provides two parameters for qualifying blocking so that
APs must meet certain criteria before being blocked. This keeps the Array from
blocking every AP that it detects. You may:
Set a minimum RSSI value for the AP for example, if an AP has an RSSI
value of -90, it is probably a harmless AP belonging to a neighbor and not
in your building.
Block based on encryption level.
Block based on whether the AP is part of an ad hoc network or
infrastructure network.
Procedure for Configuring Intrusion Detection
RF Intrusion Detection and Auto Block Mode
1. Intrusion Detection Mode: T
his option allows you to choose the
Standard intrusion detection method, or you can choose Off to disable
this feature. See “Array Monitor and Radio Assurance Capabilities” on
page 460 for more information.
Standard enables the monitor radio to collect Rogue AP
information.
Off — intrusion detection is disabled.