458 CHAPTER 17: DETECTING AND COMBATTING ROGUE DEVICES
Rogue Detection Requirements
Rogue detection in 3WXM has the following requirements.
The Enable Rogue Detection option must be selected on the
Monitoring Settings tab of the 3WXM Services Setup dialog. (See
“Changing Monitoring Settings” on page 500.)
To use countermeasures, they must be enabled. You can enable them
on an individual radio profile basis. (See “Viewing and Configuring
Radio Profiles” on page 263.)
SNMP notifications must be enabled on the WX switches. Table58
lists the notification types related to RF detection. The notification
types for Intrusion Detection System (IDS) and Denial of Service (DoS)
protection are also listed. (To enable notifications on a switch, see
“Configuring SNMP” on page 187.)
Table58 SNMP Notifications for RF Detection
Notification Type Description
Rogue detection notifications
RogueDetect Indicates that MSS has detected a rogue AP.
RFDetectRougeDisappear Indicates that MSS is no longer detecting a
previously detected rogue AP.
RFDetectInterferingRogueAP Indicates that MSS has detected an interfering
device.
RFDetectInterferingRogueDisappear Indicates that MSS is no longer detecting a
previously detected interfering device.
RFDetectAdHocUser Indicates that MSS has detected an ad-hoc
user.
RFDetectUnAuthorizedSSID Indicates that MSS has detected an SSID that
is not on the permitted SSID list.
RFDetectUnAuthorizedOUI Indicates that MSS has detected a wireless
device that is not on the list of permitted
vendors.
RFDetectUnAuthorizedAP Indicates that MSS has detected the MAC
address of an AP that is on the attack list.
IDS/DoS notifications
For more information about IDS/DoS, see the “IDS and DoS Alerts” section in the
“Rogue Detection and Countermeasures” chapter of the Wireless LAN Switch and
Controller Configuration Guide.
CounterMeasureStart Indicates that MSS has begun
countermeasures against a rogue AP.