Rogue Detection Requirements 459

Table 58 SNMP Notifications for RF Detection

 

 

Notification Type

Description

 

 

CounterMeasureStop

Indicates that MSS has stopped

 

countermeasures against a rogue access

 

point.

RFDetetSpoofedMacAP

Indicates that MSS has detected a wireless

 

packet with the source MAC address of a

 

3Com MAP, but without the spoofed MAP’s

 

signature (fingerprint).

RFDetectSpoofedSSIDAP

Indicates that MSS has detected beacon

 

frames for a valid SSID, but sent by a rogue

 

AP.

RFDetectDoS

Indicates that MSS has detected a DoS attack

 

other than an associate request flood,

 

reassociate request flood, or disassociate

 

request flood.

RFDetectDoSPort

Indicates that MSS has detected an associate

 

request flood, reassociate request flood, or

 

disassociate request flood.

RFDetectClientVARogueWiredAP

Indicates that MSS has detected, on the wired

 

part of the network, the MAC address of a

wireless client associated with a third-party AP.

To use countermeasures, they must be enabled. You can enable them on an individual radio profile basis. (See “Viewing and Configuring Radio Profiles” on page 263.)

Mobility Domain RF Detection requires the Mobility Domain to be completely up. If a Requirement Mobility Domain is not fully operational (not all members are up), no new

RF Detection data is processed. Existing RF Detection information ages out normally. Processing of RF Detection data is resumed only when all members of the Mobility Domain are up. If a seed switch in the Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore resume RF Detection data processing, by removing the inoperative switch from the member list on the seed.

Page 459
Image 459
3Com 3CRWXR10095A, 3CRWX120695A WXR100, WX4400 3CRWX440095A WX1200 manual Snmp Notifications for RF Detection