Manuals / HP / Computer Equipment / Software

HP Manager Software manual Rogue Detection Lists

Models: Manager Software

1 506

Download 506 pages 24.55 Kb

Page 423

Rogue Detection Lists 423

Rogue Detection Rogue detection lists specify the third-party devices and SSIDs that MSS

Listsallows on the network, and the devices MSS classifies as rogues. You can

configure the following rogue detection lists:

Permitted SSID list—A list of SSIDs allowed in the Mobility Domain. MSS generates a message if an SSID that is not on the list is detected.

Permitted vendor list—A list of the wireless networking equipment vendors whose equipment is allowed on the network. The vendor of a piece of equipment is identified by the Organizationally Unique Identifier (OUI), which is the first three bytes of the equipment’s MAC address. MSS generates a message if an AP or wireless client with an OUI that is not on the list is detected.

Client black list—A list of MAC addresses of wireless clients who are not allowed on the network. MSS prevents clients on the list from accessing the network through a WX switch. If the client is placed on the black list dynamically by MSS due to an association, reassociation or disassociation flood, MSS generates a log message.

Known addresses list—A list of third-party devices that you want to exempt from rogue detection. MSS does not count devices on the ignore list as rogues or interfering devices, and does not issue countermeasures against them.

An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs or vendors. However, when you add an entry to the SSID or vendor list, all SSIDs or vendors that are not in the list are implicitly disallowed.

An empty client black list implicitly allows all clients, and an empty ignore list implicitly considers all third-party wireless devices to be potential rogues.

All the lists except the black list require manual configuration. You can configure entries in the black list and MSS also can place a client in the black list due to an association, reassociation or disassociation flood from the client.

The rogue classification algorithm examines each of these lists when determining whether a device is a rogue. The following figure shows how the rogue detection algorithm uses the lists.

Image 423

HP Manager Software manual Rogue Detection Lists

Contents

3CRWXR10095A, 3CRWX120695A, 3CRWX440095A Wireless LAN Mobility SystemUnited States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USAContents Starting 3WXM Site Objects Alerts Panel Content Panel Monitor Tab130 Planning the 3COM Mobility System210 Configuring WX System and Administrative Parameters245 Configuring IP AliasesConfiguring DNS 230 Configuring NTP 231 Configuring ARP 233 226300 268Creating and Managing Users in the Local User Database 285Managing Certificates 397 361 Displaying 802.11 Coverage 362364 394423 430448 Generating a Radio Details Report 449 Using 3WXM with HP Openview Register Your Product 497 Obtaining Support for Your ProductPage Conventions List conventions that are used throughout this guideIcon Description This manual uses the following text and syntax conventions Including new features and bug fixes3WXM for advanced configuration and management DocumentationPddtechpubscomments@3com.com CommentsExample Requirements for HardwareRequirements HardwareNumber Radios WX Switches 50+ WX Switches Hardware Requirements for 3WXM Monitoring ServiceHardware Requirements for Running 3WXM Monitoring Service Hard drive space Available Monitor resolutionInstallation SoftwarePreparing for Installing 3WXM If Autorun is disabled, follow these steps Wizard Using the Installation To use the installation wizardInstalling 3WXM Installing 3WXM OpenView Plug-In Installing the HP To install the HP OpenView plug-inInstalling 3WXM Click Get Activation Key Installing 3WXM Click Uninstall Click Continue Switches or monitor network data OverviewManager 3WXM interface Working with the 3WXM User Interface View Object Details or View Alerts from the main toolbar Menu OptionsMain 3WXM WindowMenu Menu Option Description 3WXM Menu OptionsTo add a WX switch Devices Apply Auto-Tune Association failure rates Open the 3Com 3WXM Administrator’s Organizer Panel Working with the 3WXM User Interface Select an object Details are displayed here Object Settings for the following management servicesLocation Policy Object DescriptionWorking with the 3WXM User Interface Mobility Domain Objects WX Switch ObjectsPorts/MAPs Third Party AP Objects Lists the object that can appear under Third Party APsAlerts Panel Content panel with more detailsAlert Category Description Lists the types of alerts displayed in the Alerts panelContent Panel Content panel displays information for objects selectedToolbar option of the main 3WXM window Monitor Tab Explore Window Working with the 3WXM User Interface „ Green Up Monitor Tab Status Summary Window Monitor Tab Client Monitor Window Monitor Tab RF Monitor Window Monitor Tab RF Trends Window Working with the 3WXM User Interface Resolutions Error/Warning Details Working with the 3WXM User Interface Content Panel Information panel Wizards ConfigurationWorking with the 3WXM User Interface Configuration Wizards Reports Reports Pasting Objects CopyingReplace New switch appears under the Mobility DomainWindows XP Only Enabling KeyboardShortcut MnemonicsEnabling Keyboard Shortcut Mnemonics Windows XP Only Working with the 3WXM User Interface Managing network plans, and defining a Mobility Domain Switch Manager 3WXM, restricting access to 3WXM, creatingFollowing steps describe how to start 3WXM Starting 3WXMGetting Started To 3WXM Restricting AccessGetting Started Accounts Monitor AccountsMonitor accounts To create a provision or monitor accountCreating Managing NetworkPlans You must select a country code before continuing PlanSaving a Network Plan Creating and Managing Network Plans Saving a Network Plan with a New Name Creating and Managing Network Plans Getting Started Plan Getting Started To override another user’s lock Getting Started Defining a Mobility Domain Domain Traffic Ports Used for AAA Servers and Management ServersProtocol Port Function Do one of the following „ To close the wizard, click Finish Getting Started Live network Provide about your wireless coverage needsBuilding Wizard Network design informationPlanning the 3COM Mobility System Building Wizard Setup Toolbar Options on SetupOptionDescription Building Wizard Edit Content Lists the toolbar icons at the top of the floor display area Toolbar Options on Edit ContentBuilding Wizard Plan RF Coverage Toolbar Options on Plan RF Coverage Building Wizard Optimize RF Coverage Toolbar Options on Optimize RF Coverage Toolbar Options on Report Building Wizard ReportCampus Creating a SitePlanning the 3COM Mobility System Modifying Buildings in a Site Creating orPlanning the 3COM Mobility System Creating or Modifying Buildings in a Site Importing or Drawing FloorDetails File Recommendations To prepare a drawing before importing it into 3WXM Preparing a Drawing Before Importing ItImporting or Drawing Floor Details Planning the 3COM Mobility System Common AutoCAD Layer Names Useful AutoCAD Operations and Naming-ConventionsImporting the Drawing Operating TipsClick Import Floor Layout Importing or Drawing Floor Details To crop the paper space Importing or Drawing Floor Details Origin point To adjust the origin pointNew location of origin point Hiding Layers To adjust the scaleAdding or removing a layer Moving an object from one layer to another To clean up a drawing Planning the 3COM Mobility System Importing or Drawing Floor Details To draw an object Click Finish to save the changes and close the wizardObjectAction Properties Characteristics of a Specifying the RFFloor Go to To use the Create RF Obstacle Dialog box on To create RF obstacles for an area in a drawingTo create RF obstacles by grouping objects To use the Create RF Obstacle Dialog box ObjectAction Planning the 3COM Mobility System Coverage To create a wiring closet Shared Coverage Areas Area Drawing a Coverage Area Coverage Area Choices wizard appears Go to Specifying the Wireless Technology for a Coverage Area Specifying the Wireless Technology for a Coverage Area Specifying Coverage Area Properties Planning the 3COM Mobility System Specifying Association Information Go to Specifying Association InformationPlanning the 3COM Mobility System Defining Wireless Coverage Areas WX4400 switches support distributed MAP connections only Setting Attributes for a Third-Party Access Point Planning the 3COM Mobility System Configuring Radio Attributes Moving the AP Icon to its Floor Location Computing MAP Placement To specify design constraints Computing MAP Placement WX4400 switches support indirect MAP connections only To compute and place MAP access points To review coverage area computation Go to To review coverage area computationComputing MAP Placement Planning the 3COM Mobility System To unlock a coverage area Locking and Unlocking Coverage AreasTo lock a MAP Locking and Unlocking MAP Access PointsTo assign channels Planning the 3COM Mobility System To compute optimal power Planning the 3COM Mobility System To resolve optimal power computation problems Resolving coverage gaps Verifying the Wireless NetworkTo place an RF measurement point „ To list disabled access points, select Show Disabled MAPs To use the RF interactive measurement mode Signal strengths for any location on the floorShows the information available in the RF measurement table RF Measurement InformationValue Generating RF Network Design Information Information Reviewing Layout To see the floor layout, click View LayoutClick Generate Work Order To generate a work orderApplying RF Auto-Tuning Settings to the Network Plan Click Next. The progress is displayed Click Finish Planning the 3COM Mobility System Following figure shows an example of the wizard WX Switch Wizard„ AAA WX Switch Wizard Overview Settings, and so on. This page is shown above WX Switch Wizard Overview Configuring WX System and Administrative Parameters WX Switch Wizard Overview Network Plan Switch toInsert Wireless Switch Adding a WXSee Adding a WX Switch to the Network Plan on Accessing the WXSwitch Wizard Configuration fileWX Properties Configuring VLANs Configuring WX System and Administrative Parameters Roaming and VLANs Vlan NamesConfiguring Vlan Basic Properties To configure Vlan basic properties Adding Ports to a Vlan Configuring Spanning Tree Protocol Configuring WX System and Administrative Parameters Configuring Spanning Tree Port Information Configuring Igmp „ To close the wizard and save the changes, click Finish Configuring Static Multicast Ports Configuring STP Fast Convergence Features Configuring the MSS Dhcp ServerSelect Spanning Tree Properties Select Config Edit Configuring WX Management Services Setting System To set system information Configuring WX System and Administrative Parameters Configuring WX Management Services Reenabling WebAAA To configure Snmp Do one of the following V1 or V2c Community String Configuring an Snmp To configure an Snmp community stringV3 User Configuring an Snmp To configure an SNMPv3 userConfiguring WX System and Administrative Parameters Configuring a Notification Profile Configuring a Notification TargetTo configure a notification target Do one of the following For SNMPv3, select the USM user Setting Up System Logging Configuring WX System and Administrative Parameters To set up a syslog server Setting Up a Syslog ServerExpand Management Services Configuring TracingDeleting Traces To delete a trace Organizer pane, expand the WX switchTo set summertime information To set up a time zoneConfiguring WX Management Services Wired users is not encrypted after they are authenticated Configuring WiredAuthentication Wired authentication port is an Ethernet port that hasConfiguring Other networking devices such as switches and routersNetwork Ports WX1200 ports support full-duplex mode only Configuring Load Sharing Configuring IP Services Creating Static Routes To close the Create Static Route dialog box, click Finish Configuring Default RoutesTo create an IP alias Do one of the following Creating IP AliasesSetting Up DNS Basic Properties Adding DNS Servers Setting NTP Properties Creating NTP ServersClick New NTP Server Adding ARP Entries Configuring WX System and Administrative Parameters Parameters Configuring Wireless Parameters RSN Service Profile Configuring aMycorp/mycorp-login.htm Configuring To configure encryption, follow these steps Configuring WEPEncryption Configuring a Service Profile Configuring WPA or RSN WPA and RSN Authentication MethodsWPA and RSN Cipher Suites To configure WPA or RSN authentication To configure WPA or RSN encryption choices Profile To map a service profile to a radioConfiguring Wireless Parameters Configuring a Radio Profile RF Auto-Tuning Configuring a Radio Profile To apply a radio profile to radios Connected and Distributed MAPs combined MAP Access PointsConfigure a MAP port for each directly connected MAP Directly ConnectedConfiguring Wireless Parameters „ 112233445566778899aabbccddeeff00 Configuring Wireless Parameters Transmit Power box, specify the transmit power for the radio Configuring Wireless Parameters Configuring Directly Connected MAP Access Points Indirectly connected MAP Access PointsWX Switch Model Maximum Maximum Booted Configured Distributed MAPConfiguring Distributed MAP Access Points „ 112233445566778899aabbccddeeff00 Configuring Distributed MAP Access Points Configuring Wireless Parameters Authorization , Connecting to Server GroupsOverview on To change default values for Radius parameters To define a Radius server Connecting to Radius Servers and Server Groups To define a Radius server group Changing the Order in a Radius Server Group Managing UsersLocal User DatabaseTo configure user authentication properties You can create two types of users in the local databaseDatabase Click Choose Available To configure user group authentication propertiesLocal database To configure MAC address user authentication propertiesClick Choose Available To configure user authorization attributes Start-date,end-date, or both Authentication Attributes for Local UsersAttribute Description Valid Values Encryption-type End-dateAttribute Description Valid Values Filter-id Idle-timeoutAttribute Description Valid Values Mobility-profile Attribute Description Valid Values Session-timeout SsidStart-date Url Attribute Description Valid Values Time-of-dayAttribute Description Valid Values Vlan-name User Globs Accept user globs and MAC address globsVlan Globs MAC Address GlobsTo set the authentication method for administrator access To set the accounting method for administrator access Console Access Rules Managing AdministratorAuthentication Configuring and Managing Access Rules for Network UsersMSS provides the following types of authentication Authentication TypesAuthentication Algorithm To 802.1X? Yes Last-Resort Processing Ssid Name AnyUser Credential Requirements Page Authentication To configure authentication rules Page To configure authentication settings Page Accounting Page Policy To change the order of access rulesLocation Policies About the LocationTo create a location policy rule „ PortsConfiguring Location Policies Click Close To create a proxy authentication rule Configuring AAA for Clients of Third-Party APsTo create a Radius proxy client entry To configure a port as a Radius proxy for an Ssid To create a Mobility Profile Mobility ProfilesIncluded, or you can specify a list of ports to be included Attribute VSASecurity Using AccessCreating Access Control Lists forSetting Up ACL Basic Properties Go to Defining Access Control EntriesDefining Access Control Entries Creating an IP ACE Page Creating a TCP or UDP ACE Creating an Icmp ACE To define the action of the ACEType box, specify the Icmp type used to filter Icmp packets Icmp Message Type Number Code Number Icmp Messages and CodesCreating a Layer 4 Protocol ACE Commonly Used IP Protocol NumbersIP Protocol Number To add ACEs to an ACL and organize them For a complete list of IP protocol numbers, see Click FinishMapping User-Based ACLs Mapping an ACL to a Vlan Mapping ACLs to Ports, VLANs, or Virtual PortsMapping an ACL to a Distributed MAP ACL Map page, click NewMapping an ACL to a Virtual Port Mapping an ACL to a PortConfiguring 802.1X Parameters Attempts Click Finish Page WX File Management Options in 3WXM Chapter where the options are describedManaging WX System FilesNetwork on Uploading a WX SwitchConfiguration into Not defined in 3WXM, uploading the WX configuration createsTo upload a WX switch configuration Verifying Refresh Refreshes the data Options Toolbar Options on Verification TabTo resolve an error or warning To disable a specific instance of a warning or error Select the warning or error messageTo globally disable a warning or error To disable or reenable a rule To change verification optionsOr for specific instances Managing WX System Images and Configurations Changes NetworkToolbar Options on Managed Devices Tab Changes To review changes To deploy local changes Click Deploy NowTo accept network changes To undo changes NonmatchingOptions Alerts panel To modify configuration polling options Switches from a Deploying WXNetwork Plan to Files Distributing ImageClick Distribute To distribute a system imageSelect Distribute Config Click Distribute Importing Exporting WX switch Configuration FilesDistributing WX Configuration Files To distribute a WX configuration fileImporting and Exporting WX switch Configuration Files Managing WX System Images and Configurations Applying Policies How Changes AreManaged Configuring a Policy Configuration InformationFor This Feature Area See Configuration Information Reviewing Applying Policy SettingsRebooting WX Switches or MAP Access PointsClick Review Changes Distributing PKS #12 files „ 802.1X-EAP certificate for a WX switch„ WebAAA certificate for a WX switch When 3WXM connects to 3WXM Services or a WX switch,Processing CertificatesTo process a certificate Select Tools Certificate Management ManagingCertificate that is stored in the 3WXM certificate store To review certificate detailsManaging Certificates Statistics and the event log Switches and shows information based on those trapsMonitoring AccessingTo access monitored data Requirements forUsing the Explore Window „ Green Up IconDescription Toolbar Options in Link View of Explore WindowToolbar Options in Floor View of Explore Window Lists the options on the toolbar in the floor viewToolbar Options in Floor View of Explore Window Monitoring the Network Using the Explore Window Monitoring the Network Display Option Coverage Display Options in Explore WindowTo take an RF measurement 3Com radio on the floorRF measurement point Rssi measurements Using the Status Summary WindowStatus Summary window shows the operational status of 3Com Toolbar Options in Client Monitor Window Using the ClientMonitor Window Activity on the networkTo refresh the data automatically To refresh the data on demandClient Activity Columns When a Mobility Domain is Selected Data Displayed When a Mobility Domain or Site is SelectedNumber of times authentication for a client failed Client Activity Columns When a Mobility Domain is Selected Data Displayed When a Switch, MAP, or Radio is SelectedSsid Activity Details for Authentication Failure Activity Details for Association FailureColumn Description Peap Activity Details for Authorization FailureColumnDescription Activity Details for Authorization SuccessfulDOT1X Activity Details for Disassociation Activity Details for Client ClearedActivity Details for Dot1x Failure Activity Details for Roam Data Displayed When a Mobility Domain is SelectedClient Sessions Columns When a Mobility Domain is Selected Client Sessions Columns When Scope Is a Mobility Domain Data Displayed When the Scope is a Mobility DomainData Displayed When a WX Switch, MAP, or Radio is Selected Session Properties Columns Displaying Session DetailsAuthentication Server New location Session Statistics Columns Session Statistics Columns Location History Columns Adding a Client to the Watch List Clients on the watch list by MAC address„ natasha@example.com Using the Client Monitor Window Displaying the Client Watch List Removing a Client from the Watch List Details are displayed on the following tabsDisplaying a Client’s Geographical Location Terminating a Client’s To terminate a client’s sessionSession Ssid the radio can hear Using the RF„ RF Neighborhood lists the other transmitting devices that Radio can hearWindow Displaying RFMapping WindowRF Monitor RF Neighborhood Columns RF Monitor Activity Log Columns RF Monitor Environment Columns StatisticsCan indicate interference from a non-802.11 device As cordless phones and webcams, appear to generate RF Trends ColumnsStatistics To access performance statistics from the networkAccessing Realtime Performance Statistics Monitoring the Network Accessing Realtime Performance Statistics Viewing Current Data „ Octets In/Out „ Packets In/Out „ Errors In/OutViewing Historical Data Viewing Data in Percentages Accessing Realtime Performance Statistics To export data to a file Exporting Performance DataEvent log Accessing the EventLog DisplayingToolbar Options on Event Tab Using Predefined Event FiltersTo filter messages by content Filtering Events by ContentMonitoring the Network Filtering Events by Severity Filtering Events by FacilitySaving Filters Exporting Filtered Data Deleting FiltersAccessing the Event Log Monitoring the Network Users Dynamic Frequency Selection DFS Both enabled radios and disabled radios perform these scansRogue Detection Requirements Snmp Notifications for RF DetectionNotification Type Description Other than an associate request flood Rogue Detection Lists Detecting and Combatting Rogue Devices Using the Rogue Detection Tab Toolbar Options on Rogue Detection Tab To filter the rogue listUsing the Rogue Detection Tab Current, Current Hour, Current Day, and History Tabs To change the scope of the rogue listRogue Listener Details Columns Activity Log TabListeners Tab Rogue Details ColumnsLocation Displaying aRogue’s GeographicalThey are present on the network Adding a Device toAttack List To add a device to the ignore listInto a Third Party Converting a RogueList Configuring RFAdding a Rogue’s Clients to the BlackType the SSID. c Click Finish Click Permitted OUI ListConfiguring RF Detection Options from the Organizer Panel Detecting and Combatting Rogue Devices Generating Reports Site Survey Work ordersClick Generate Generating anInventory Report To generate an inventory reportMobility Domain SwitchesMobility Domain Configuration Report dialog box appears Generating aWX Configuration Report Sections Configuration ReportSummary Report Details Report Click Generate Errors Report Click Generate Network usage report lists network usage statistics Generating a Network Usage ReportSummary Report Scope is always MAP Radio and cannot be changed Details Report Generating a Rogue Summary Report Click Generate Click View Work Order Generating Reports Importing Measurements Importing RFMeasurements RF obstacle dataOptimizing a Network Plan Map name must match the name used in the site survey tool Applying the RF Measurements to Floor Plan Locating a Coverage Hole Locating and FixingCoverage Holes Coverage holes by displaying coverageOptimizing a Network Plan Installed to Network Plan Optimizing a Network Plan To start 3WXM from Network Node Manager Preparing to Use HP OpenView and 3WXMFrom Network Node ManagerChapter a Using 3WXM with HP Openview To change 3WXM preferences, in the main 3WXM window, select Change options for network synchronization, user interfaceLogging That systemSynchronization ResettingPreferences Values Changing NetworkChanging Network Synchronization Options Changing User Interface Options Within Window Style, select one of the following„ Multiple Show the topology in multiple windows Changing Tools Click the Certificate Handling tab ChangingCertificate Check onYou can change the following RF planning options Typical Client’s Transmit PowerChanging Options For RF PlanningChapter B Changing 3WXM Preferences To Change a Color Defining a Color from the Palette Defining a Color by Changing HSB Properties Defining a Color by Changing RGB Properties Changing 3WXM Logging Options Chapter B Changing 3WXM Preferences Preferences Chapter C Changing 3WXM Services Preferences Stopping 3WXM ServicesServices Starting orTo connect to 3WXM Services Connecting to 3WXM ServicesVerify that the service is running on the server Chapter C Changing 3WXM Services Preferences Verifying that Receiving ServiceChanging Service SettingsChapter C Changing 3WXM Services Preferences Changing WX WX connection settings control the timeout and retries forService will accept from the WX switches Click the WXs Connection Settings tabChapter C Changing 3WXM Services Preferences Monitor tab and for the Performance Statistics window Windows. lists the source of the data for each windowSources of Monitor Data Polling Interval is 5 minutes and cannot be changed Click the Monitoring Settings tabChanging Monitoring Settings Https//ip-addr Managing Network Plans Chapter C Changing 3WXM Services Preferences Backup Chapter C Changing 3WXM Services Preferences Value-Added Register YourProduct PurchaseTechnical Support Access SoftwareDownloads TelephoneContact Us Country Telephone Number Latin America Telephone Technical Support and RepairUS and Canada Telephone Technical Support and Repair Index Index User privileges Configuring SSH Index Index