458CHAPTER 17: DETECTING AND COMBATTING ROGUE DEVICES

Rogue Detection Requirements

Rogue detection in 3WXM has the following requirements.

„The Enable Rogue Detection option must be selected on the Monitoring Settings tab of the 3WXM Services Setup dialog. (See “Changing Monitoring Settings” on page 500.)

„To use countermeasures, they must be enabled. You can enable them on an individual radio profile basis. (See “Viewing and Configuring Radio Profiles” on page 263.)

„SNMP notifications must be enabled on the WX switches. Table 58 lists the notification types related to RF detection. The notification types for Intrusion Detection System (IDS) and Denial of Service (DoS) protection are also listed. (To enable notifications on a switch, see “Configuring SNMP” on page 187.)

Table 58 SNMP Notifications for RF Detection

Notification Type

Description

 

 

Rogue detection notifications

 

RogueDetect

Indicates that MSS has detected a rogue AP.

RFDetectRougeDisappear

Indicates that MSS is no longer detecting a

 

previously detected rogue AP.

RFDetectInterferingRogueAP

Indicates that MSS has detected an interfering

 

device.

RFDetectInterferingRogueDisappear

Indicates that MSS is no longer detecting a

 

previously detected interfering device.

RFDetectAdHocUser

Indicates that MSS has detected an ad-hoc

 

user.

RFDetectUnAuthorizedSSID

Indicates that MSS has detected an SSID that

 

is not on the permitted SSID list.

RFDetectUnAuthorizedOUI

Indicates that MSS has detected a wireless

 

device that is not on the list of permitted

 

vendors.

RFDetectUnAuthorizedAP

Indicates that MSS has detected the MAC

 

address of an AP that is on the attack list.

IDS/DoS notifications

 

For more information about IDS/DoS, see the “IDS and DoS Alerts” section in the “Rogue Detection and Countermeasures” chapter of the Wireless LAN Switch and Controller Configuration Guide.

CounterMeasureStart

Indicates that MSS has begun

 

countermeasures against a rogue AP.

 

 

Page 458
Image 458
3Com WX4400 3CRWX440095A WX1200 Rogue Detection Requirements, Snmp Notifications for RF Detection, IDS/DoS notifications