3com 3CRWXR10095A User Manual
458
C
HAPTER
17: D
ETECTING
AND
C
OMBATTING
R
OGUE
D
EVICES
Rogue Detection
Requirements
Requirements
Rogue detection in 3WXM has the following requirements.
The Enable Rogue Detection option must be selected on the
Monitoring Settings tab of the 3WXM Services Setup dialog. (See
“Changing Monitoring Settings” on page 500.)
Monitoring Settings tab of the 3WXM Services Setup dialog. (See
“Changing Monitoring Settings” on page 500.)
To use countermeasures, they must be enabled. You can enable them
on an individual radio profile basis. (See “Viewing and Configuring
Radio Profiles” on page 263
on an individual radio profile basis. (See “Viewing and Configuring
Radio Profiles” on page 263
)
SNMP notifications must be enabled on the WX switches. Table 58
lists the notification types related to RF detection. The notification
types for Intrusion Detection System (IDS) and Denial of Service (DoS)
protection are also listed. (To enable notifications on a switch, see
“Configuring SNMP” on page 187.)
lists the notification types related to RF detection. The notification
types for Intrusion Detection System (IDS) and Denial of Service (DoS)
protection are also listed. (To enable notifications on a switch, see
“Configuring SNMP” on page 187.)
Table 58 SNMP Notifications for RF Detection
Notification Type
Description
Rogue detection notifications
RogueDetect
Indicates that MSS has detected a rogue AP.
RFDetectRougeDisappear
Indicates that MSS is no longer detecting a
previously detected rogue AP.
previously detected rogue AP.
RFDetectInterferingRogueAP
Indicates that MSS has detected an interfering
device.
device.
RFDetectInterferingRogueDisappear Indicates that MSS is no longer detecting a
previously detected interfering device.
RFDetectAdHocUser
Indicates that MSS has detected an ad-hoc
user.
user.
RFDetectUnAuthorizedSSID
Indicates that MSS has detected an SSID that
is not on the permitted SSID list.
is not on the permitted SSID list.
RFDetectUnAuthorizedOUI
Indicates that MSS has detected a wireless
device that is not on the list of permitted
vendors.
device that is not on the list of permitted
vendors.
RFDetectUnAuthorizedAP
Indicates that MSS has detected the MAC
address of an AP that is on the attack list.
address of an AP that is on the attack list.
IDS/DoS notifications
For more information about IDS/DoS, see the “IDS and DoS Alerts” section in the
“Rogue Detection and Countermeasures” chapter of the
“Rogue Detection and Countermeasures” chapter of the
.
CounterMeasureStart
Indicates that MSS has begun
countermeasures against a rogue AP.
countermeasures against a rogue AP.