Manuals / Proxim / Computer Equipment / Network Router

Proxim AP-700 manual Rogue Scan, Preventing Rogue AP Attacks

Models: AP-700

1 221

Download 221 pages 11.69 Kb

Page 83

Advanced Configuration				AP-700 User Guide
Alarms


	Syslog Message Name	Priority	Severity	Description

	CLI Configuration File Execution	4	Minor	There is an error in execution of the CLI
	Errors			configuration file. The message specifies the
				filename, line number, and error reason.

	SSH Initialization Failure	3	Major	One of the following failures occurs:
				Keys not present
				Keys cannot be generated
				Internal error (no available resources)

	SSH Key Generation Successful	6	Informational	SSH Key generation is successful.

	Wireless Service Shutdown	6	Informational	Wireless service is shutdown.

	Wireless Service Resume	6	Informational	Wireless service resumes.

	First MIC Report Attack	4	Minor	First MIC report attack is detected.

	Second MIC Report Attack	4	Minor	Second MIC report attack is detected.

	MIC Attack from Wireless Station	4	Minor	A MIC attack is detected from a wireless station.

	SNTP Time Retrieval Failure	4	Minor	SNTP Client in the AP fails to retrieve time
				information from the configured SNTP servers.
				Also included in message: IP Address of SNTP
				server.

	SNTP Time Sync-Up Failure	4	Minor	SNTP Client in the AP fails to synchronize the time
				with the SNTP server it was communicating with.
				Also included in message: IP Address of SNTP
				server.

Rogue Scan

The Rogue Scan feature provides an additional security level for wireless LAN deployments. Rogue Scan uses the selected wireless interface(s) for scanning its coverage area for Access Points and clients.

A centralized Network Manager receives MAC address information from the AP on all wireless clients detected by the AP. The Network Manager then queries all wired switches to find out the inbound switch/port of these wireless clients. If the switch/port does not have a valid Access Point connected to it as per a pre-configured database, the Network Manager proceeds to block that switch/port and prevent the Rogue AP from connecting to the wired network.

Figure 4-25 Preventing Rogue AP Attacks

83

Image 83

Proxim AP-700 manual Rogue Scan, Preventing Rogue AP Attacks

Contents

ORiNOCO AP-700 Access Point User Guide AP-700 User Guide CopyrightTrademarks OpenSSL License Note Contents Management Contents AP-700 User Guide Monitoring CommandsTroubleshooting General Notes Command Line Interface CLI Regulatory Compliance Ascii Character Chart C SpecificationsStatement of Warranty Technical Support AP-700 User Guide Document Conventions Introduction to Wireless NetworkingIntroduction Introduction AP-700 User Guide Ieee 802.11 SpecificationsGuidelines for Roaming HTTP/HTTPS Interface Command Line InterfaceManagement and Monitoring Capabilities SNMPv3 Secure Management Snmp ManagementSSH Secure Shell Management Page Overview Installation and InitializationAP-700 Hardware Description External Antennas Installation and Initialization AP-700 User GuideAntennas Active Ethernet LED Indicators Prerequisites Installation and Initialization AP-700 User Guide System Requirements Product Package Cabling the AP-700 Hardware InstallationRequired Materials Mounting the AP-700 to a Ceiling Installing the Security CoverMounting the AP-700 AP-700 Mounting Plate Mounting the AP-700 to a Wall Installing External Antennas Opening the Antenna Compartment Installing the AP in a Plenum ScanTool Instructions Using ScanToolInitialization Scan List Select Tools Internet Options Click LAN SettingsEnter Network Password screen appears Logging 11 System Status Screen Using the Setup Wizard 12 Setup Wizard Setup Wizard Instructions Installing the Software Click Commands Update AP via Http Install Software with Http Interface Install Software with Tftp Server Click Commands Reboot Related Topics Install Updates from your Tftp Server using the CLI System Status Screen System Status Advanced Configuration Configure Main Screen Advanced Configuration AP-700 User Guide Dynamic DNS Support SystemPage Network IP Configuration Advanced Dhcp ServerDNS Client Comment optional Advanced Configuration AP-700 User Guide NetworkStart IP Address End IP Address Dhcp Relay Agent Dhcp Server IP Address Table Dhcp Relay Agent Target IP Address Comment optional Link Integrity Sntp Simple Network Time Protocol Link Integrity Configuration Screen Sntp Configuration Screen Advanced Configuration AP-700 User Guide Network Interfaces Operational Mode Ieee 802.11d Support for Additional Regulatory Domains Advanced Configuration AP-700 User Guide InterfacesSuper Mode and Turbo Mode Configuring 802.11d Support Configuring TX Power Control TX Power Control/Transmit Power Level 10 Wireless Interface Wireless 802.11a/b/g RadioPage Affected Countries Dynamic Frequency Selection/Radar Detection DFS/RD RTS/CTS Medium Reservation Wireless Service Status Channel Blacklist Table Traps Generated During Wireless Service Shutdown and ResumeClick on Configure Interfaces Wireless Set Blacklist Status to Enable Bridging WDS 13 WDS Example 14 WDS Configuration WDS Setup Procedure 15 Adding WDS Links Ethernet 16 Ethernet Sub-tab Management Passwords Secure Management IP Access TableServices Https Access Secure Socket Layer Advanced Configuration AP-700 User Guide ManagementSnmp Settings Http Access 17 Management Services Configuration Screen SSH Clients SSH Session SetupConfiguring SSH Uploading Externally Generated Host Keys Click Commands Update AP via Http or via Tftp Radius Based Management Access Serial Configuration Settings Set up Automatic Configuration for Static IP Automatic Configuration AutoConfigAuto Configuration and the CLI Batch File Set up Automatic Configuration for Dynamic IP 19 Automatic Configuration Screen 20 Dhcp Options Setting the Boot Server Host Name Hardware Configuration Reset Chrd Click Configure Management Chrd Configuration Reset via Serial Port During BootupConfiguring Hardware Configuration Reset Procedure to Reset Configuration via the Serial Interface Select the Filter Operation Type FilteringEthernet Protocol Static MAC Advanced Configuration AP-700 User Guide Filtering Wireless MAC Address 0020A6124E38 Wired MAC Address 0040F41CDB6AWireless MAC Address 00022D5194E4 Wired MAC Address Click Add under the TCP/UDP Port Filter Table heading AdvancedTCP/UDP Port Number Click Edit under the TCP/UDP Port Filter Table heading Editing TCP/UDP Port Filters Groups Alarms Operational Trap Group Trap Name Description Severity Level Security Trap Group Trap Name Description Severity Level Flash Memory Trap Group Trap Name Description Severity Level Trap Name Description Severity Level Sntp Trap Group Trap Name Description Severity Level Alarm Host TableTftp Trap Group Trap Name Description Severity Level Image Trap Group Trap Name Description Severity Level Advanced Configuration AP-700 User Guide Alarms Event Priority Description Configuring Syslog Event NotificationsSyslog Syslog Message Name Priority Severity Description Syslog Messages Advanced Configuration AP-700 User Guide 25 Preventing Rogue AP Attacks Rogue Scan Rogue Scan Data Collection Continuous Scanning ModeBackground Scanning Mode Multi-Band Scanning Rogue Scan Click Configure Alarms Rogue Scan 26 Rogue Scan Screen Spanning Tree Bridge Storm Threshold Advanced Configuration AP-700 User Guide Bridge Packet Forwarding Configuring Interfaces for Packet ForwardingIntra BSS Enabling QoS and Adding QoS policies Wireless Multimedia Extensions WME/Quality of Service QoSClick Configure QoS Policy QoS Enter the Priority Mapping Index Advanced Configuration AP-700 User Guide QoS Priority Mapping Click Configure QoS Priority Mapping STA Edca Table and AP Edca Table Enhanced Distributed Channel Access Edca 32 Edca Tables Advanced Configuration AP-700 User Guide QoS Radius Profiles Radius Servers per Authentication Mode and per Vlan Radius Servers Enforcing Vlan Access Control Configuring Radius Profiles Advanced Configuration AP-700 User Guide 35 Add Radius Server Profile Radius Accounting MAC Access Control Via Radius Authentication802.1x Authentication using Radius 101 Authentication AttributesAccounting Attributes 102 103 SSID/VLAN/SecurityVlan Overview 104 Management Vlan Typical User Vlan ConfigurationsControl Access to the AP Click Configure SSID/VLAN/Security Mgmt Vlan Security Profile Provide Access to a Wireless Host in the Same WorkgroupDisable Vlan Tagging 107 Advanced Configuration AP-700 User Guide SSID/VLAN/SecurityAuthentication Process Wi-Fi Protected Access WPA/802.11i WPA2 108 Authentication Protocol Hierarchy 109 Configuring Security ProfilesClick Configure SSID/VLAN/Security Security Profile VLANs and Security Profiles WPA Station Non Secure StationWEP Station 802.1x Station 111 40 Security Profile Table Add Entries 112 113 MAC AccessWireless 114 Configuring an SSID/VLAN with Vlan Tagging Disabled 115 43 SSID/VLAN Edit Entries Screen Vlan Tagging Disabled 116 Configuring SSID/VLANs with Vlan Tagging EnabledClick SSID/VLAN/Security Wireless 117 45 SSID/VLAN Edit Entries Screen Vlan Tagging Enabled 118 Broadcast Ssid and Closed System 119 Monitoring Monitoring AP-700 User Guide Version Icmp Monitoring Tab IP/ARP Table Learn Table Monitoring Tab Learn Table Radius 124 125 Monitoring AP-700 User Guide Interfaces 126 127 Station Statistics 128 Monitoring AP-700 User Guide Station Statistics 129 CommandsIntroduction to File Transfer via Tftp or Http 130 Image Error Checking During File TransferTftp File Transfer Guidelines Http File Transfer Guidelines 131 Update APUpdate AP via Tftp Commands AP-700 User Guide 132 Update AP via HttpCommands AP-700 User Guide Update AP via Http 133 Commands AP-700 User Guide Retrieve FileRetrieve File Retrieve File via Tftp 134 Retrieve File via Http Retrieve File via Http Command Screen Commands AP-700 User Guide Reboot RebootReset Help Link 13 Help Link Configuration Screen 137 Connectivity Issues TroubleshootingTroubleshooting Concepts Symptoms and Solutions Basic Software Setup and Configuration Problems Client Connection Problems Active Ethernet AE Vlan Operation Issues Forced Reload Procedure Recovery ProceduresReset to Factory Default Procedure 143 Download a New Image Using ScanToolDownload Procedure Preparing to Download the AP Image 144 Download a New Image Using the Bootloader CLI Attaching the Serial Port Cable Setting IP Address using Serial PortInitializing the IP Address using CLI Hardware and Software Requirements 146 Radius Authentication ServerRelated Applications Tftp Server 147 Troubleshooting AP-700 User Guide Related Applications Notation Conventions Command Line Interface CLIGeneral Notes Prerequisite Skills and Knowledge Navigation and Special Keys CLI Error Messages 150 Command Line Interface CLI VariationsBootloader CLI Command Line Interface CLI AP-700 User Guide Example 1. Display Command list CLI Command TypesOperational CLI Commands Example 3a. Display every parameter that can be changed Example 2. Display specific CommandsExample 3. Display parameters for set and show Download Example 3b. Display parameters based on letter sequenceExample 4. Display Prompts for Successive Parameters Done, exit, quit 154 HelpHistory Passwd 155 Parameter Control CommandsShow CLI Command Search Examples Set CLI CommandConfiguring Objects that Require Reboot Set and show Command Examples Example 3 Modify a table entry or row Example 1 Set the Access Point IP Address ParameterExample 4 Enable, Disable, or Delete a table entry or row Example 2 Create a table entry or row 158 Example 5 Show the Group ParametersExample 6 Show Individual and Table Parameters 159 Using Tables and StringsUsing Strings Working with Tables Log into the AP using Telnet Configuring the AP using CLI commandsSet Basic Configuration Parameters using CLI Commands Log into the AP using HyperTerminal 161 Change PasswordsSet Network Names for the Wireless Interface Set System Name, Location and Contact Information 162 Country Code 163 Configure SSIDs Network Names, VLANs, and Profiles Set up Auto Configuration Other Network SettingsDownload an AP Configuration File from your Tftp Server Backup your AP Configuration File Configure the DNS Client Configure the AP as a Dhcp Server Autochannel Select ACS Operational ModeEnable/Disable Closed System Configure Antenna Diversity Shutdown/Resume Wireless ServiceEnable/Disable Super Mode 802.11a/g only Enable/Disable Turbo Mode 802.11a/g only Set Communication Ports Edit Management IP Access TableConfigure Management Ports 169 Configure Secure Socket Layer HttpsSet Telnet Session Timeouts Configure Serial Port Interface Add an Entry to the MAC Access Control Table Create/Enable WDSEnable/Disable WDS Setup MAC Address Access Control Figure A-17 Result of showradiustbl CLI Command 171 Add a Entry to the Wifssid Table Enable Vlan ManagementDisable Vlan Management CLI Monitoring Parameters 174 Parameter Tables 175 Filtering Parameters 176 Name Type Value Access CLI ParameterSet sysresettodefaults System Parameters 177 DNS Client for Radius Name ResolutionDhcp Server Parameters Name Type Value Access CLI Parameter Network Parameters 178 Dhcp Server table for IP poolsDhcp Relay Group Dhcp Relay Server Table 179 Sntp Parameters Name Type Value Access CLI ParameterLink Integrity IP Target Table 180 Wireless Interface ParametersInterface Parameters Common Parameters to 802.11a/b/g 181 802.11a Only Parameters 182 802.11b Only Parameters802.11b/g Only Parameters Mode For 802.11g-only modeFor 802.11b/g mode For 802.11b-only 184 Wireless Distribution System WDS ParametersWireless Interface SSID/VLAN/Profile Parameters Channel Blacklist Parameters 185 Wireless Distribution System WDS Security Table ParametersSnmp Parameters Name Type Value Access CLI Parameter Management Parameters 186 187 Http Parameters Name Type Value Access CLI ParameterTelnet Parameters Name Type Value Access CLI Parameter 188 Serial Port Parameters Name Type Value Access CLI ParameterRadius Based Management Access Parameters SSH Parameters 189 IP Access Table ParametersTftp Server Parameters 190 Filtering ParametersEthernet Filtering Table 191 Proxy ARP Parameters Name Type Value Access CLI ParameterTCP/UDP Port Filtering TCP/UDP Port Filtering Table Syslog Parameters Alarms ParametersName Type Value Access CLI Parameter Syslog Group 192 Snmp Table Host Table Parameters 193 Syslog Host Table 194 Bridge ParametersSpanning Tree Priority and Path Cost Table 195 Storm Threshold TableIntra BSS Subscriber Blocking Packet Forwarding Parameters 196 Radius Server Configuration ParametersRadius Parameters General Radius Parameters Security Parameters MAC Access Control Table 198 VLAN/SSID ParametersSecurity Profile Table Other Parameters Iapp Parameters Name Type Value Access CLI ParameterEnabling QoS Name Type Value Access CLI Parameter Configuring QoS Policies 200 Specifying the Mapping between 802.1p and 802.1D Priorities 201 Defining the QoS Policy used for a Wireless Interface SsidCLI Batch File CLI Batch File Format and Syntax Auto Configuration and the CLI Batch FileReboot Behavior 203 CLI Batch File Error Log Charact Equival Ent 204 Ascii Character ChartHex Management Functions SpecificationsSoftware Features Number of Stations per BSS Security Functions Medium Access Control MAC FunctionsSpecifications AP-700 User Guide Software Features Advanced Bridging Functions 207 Specifications AP-700 User GuideNetwork Functions Hardware Specifications Upper 149 153 157 161 ISM Band 165 Mode Frequency Channel Product SKU BandAvailable Channels 802.11b/g 802.11a 210 RF Performance802.11a RF Performance 802.11a Data Rates Mbps Software and Documentation Downloads Knowledgebase 211 Technical SupportOnline Support International 212 Telephone SupportTechnical Support AP-700 User Guide Telephone Support Limitations of Warranty Statement of WarrantyWarranty Coverage Repair or Replacement Other Adapter Cards Ask a Question or Open an IssueOther Information Search Knowledgebase 215 Regulatory ComplianceProduct Model Numbers 216 Safety Information USA, Canada, & European UnionRegulatory Compliance AP-700 User Guide 217 Federal Communications Commission FCC 218 Modifications 219 Industry Canada IC 220 European Union 221 Regulatory Compliance Certifications SummaryCountry Certification/Reference No