Proxim AP-700 - page 84

Advanced Configuration AP-700 User Guide

Alarms

The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP

scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query

the wired switch to find the inbound switch port of Client 2’s packets. The Network Manager verifies that t his switch/router

and port does not have a valid Access Point as per the administrator’s database. Thus it labels Client 2’s AP as a Rogue

AP and proceeds to prevent the Rogue AP attack by blocking this switch’s port.

Multi-Band Scanning

Rogue Scan detects Rogue stations in all bands (i.e., 2.4 GHz and 5 GHz for interfaces that support 802.11a/g

multi-band operation. During Rogue Scan the AP scans every channel in its configured regulatory domain; the AP scans

both the 2.4 GHz and 5 GHz bands for wireless interfaces supporting 802.11a/g multi-band operation.

APs can be detected either by active scanning using 802.11 probe request frames or passively by detecting periodic

beacons, or both. Wireless clients are detected by monitoring 802.11 connection establishment messages such as

association/authentication messages or data traffic to or from the wireless clients.

There are two scanning modes available per wireless interface: continuous scanning mode and background scanning

mode.

Continuous Scanning Mode

The continuous scanning mode is a dedicated scanning mode where the wireless interface performs scanning alone and

does not perform the normal AP operation of servicing client traffic.

In continuous scanning mode the AP scans each channel for a channel scan time of one second and then moves to the

next channel in the scan channel list. With a channel scan time of one second, the scan cycle time will take less than a

minute (one second per channel). Once the entire scan channel list has been scanned the AP restarts scanning from the

beginning of the scan channel list.

Background Scanning Mode

In background scanning mode the AP performs background scanning while performing normal AP operations on the

wireless interface.

You can configure the scan cycle time between 1-1440 minutes (24 hours). The scan cycle time indicates how

frequently a channel is sampled and defines the minimum attack period that can go unnoticed.

In background scanning mode the AP will scan one channel then wait for a time known as channel scan time. The

channel scan time affects the amount of data collected during scanning and defines the maximum number of samples

(possible detections) in one scan. This is increased to improve scanning efficiency; the tradeoff is that it decreases

throughput. The optimum value for this parameter during background scanning mode is 20ms.The channel scan time is

calculated from the scan cycle time parameter and the number of channels in the scan channel list as follows:

intra-channel scan time = (scan cycle time - (channel scan time * number of channels in the scan list))/number of

channels in the scan list.

Rogue Scan Data Collection

The AP stores information gathered about detected stations during scanning in a Rogue Scan result table. The Rogue

Scan result table can store a maximum of 2000 entries. When the table fills, the oldest entry gets overwritten. The Rogue

Scan result table lists the following information about each detected station:

• Station Type: indicates one of the following types of station:

– Unknown station

– AP station

– Infrastructure Client Station

– IBSS Client Station

• MAC Address of the detected station