542Rogue Detection and Countermeasures

Countermeasures

You can enable WSS Software to use countermeasures against rogues. Countermeasures consist of packets that interfere with a client’s ability to use the rogue.

Countermeasures are disabled by default. You can enable them on an individual radio-profile basis. When you enable them, all devices of interest that are not in the known devices list become viable targets for countermeasures. The Mobility Domain’s seed switch automatically selects individual radios to send the countermeasure packets.

Summary of Rogue Detection Features

Table 33 lists the rogue detection features in WSS Software.

Table 33: Rogue Detection Features

Rogue Detection

 

Applies To

 

Description

 

 

Third-Party

 

Feature

Clients

 

 

 

APs

 

 

 

 

 

 

 

Classification

WSS Software can classify third-party

Yes

Yes

 

APs as rogues or interfering devices. A

 

 

 

rogue is a third-party AP whose MAC

 

 

 

address WSS Software knows. An

 

 

 

interfering device does not have a

 

 

 

MAC address known to WSS

 

 

 

Software.

 

 

 

WSS Software can detect rogue clients,

 

 

 

locate their APs, and issue

 

 

 

countermeasures against the APs.

 

 

 

 

 

 

Permitted vendor list

List of OUIs to allow on the network.

Yes

No

 

An OUI is the first three octets of a

 

 

 

MAC address and uniquely identifies

 

 

 

an AP’s or client’s vendor.

 

 

 

 

 

 

Permitted SSID list

List of SSIDs allowed on the network.

Yes

No

 

WSS Software can issue

 

 

 

countermeasures against third-party

 

 

 

APs sending traffic for an SSID that is

 

 

 

not on the list.

 

 

 

 

 

 

Client black list

List of client MAC addresses that are

No

Yes

 

not allowed on the wireless network.

 

 

 

WSS Software drops all packets from

 

 

 

these clients.

 

 

 

 

 

 

Attack list

List of AP MAC addresses to attack.

Yes

No

 

WSS Software can issue

 

 

 

countermeasures against these APs

 

 

 

whenever they are detected on the

 

 

 

network.

 

 

 

 

 

 

320657-A

Page 542
Image 542
Nortel Networks 2300 manual Summary of Rogue Detection Features, Countermeasures