3com 3CRWXR10095A User Manual

C

HAPTER

 17: D

ETECTING

 

AND

 C

OMBATTING

 R

OGUE

 D

EVICES

Rogue detection in 3WXM has the following requirements.

„

The Enable Rogue Detection option must be selected on the 
Monitoring Settings tab of the 3WXM Services Setup dialog. (See 
“Changing Monitoring Settings” on page 500.)

„

To use countermeasures, they must be enabled. You can enable them 
on an individual radio profile basis. (See “Viewing and Configuring 
Radio Profiles” on page 263

)

„

SNMP notifications must be enabled on the WX switches. Table 58 
lists the notification types related to RF detection. The notification 
types for Intrusion Detection System (IDS) and Denial of Service (DoS) 
protection are also listed. (To enable notifications on a switch, see 
“Configuring SNMP” on page 187.)

Table 58   SNMP Notifications for RF Detection

RogueDetect

Indicates that MSS has detected a rogue AP.

RFDetectRougeDisappear

Indicates that MSS is no longer detecting a 
previously detected rogue AP.

RFDetectInterferingRogueAP

Indicates that MSS has detected an interfering 
device.

RFDetectInterferingRogueDisappear Indicates that MSS is no longer detecting a 

previously detected interfering device.

RFDetectAdHocUser

Indicates that MSS has detected an ad-hoc 
user.

RFDetectUnAuthorizedSSID

Indicates that MSS has detected an SSID that 
is not on the permitted SSID list.

RFDetectUnAuthorizedOUI

Indicates that MSS has detected a wireless 
device that is not on the list of permitted 
vendors. 

RFDetectUnAuthorizedAP

Indicates that MSS has detected the MAC 
address of an AP that is on the attack list.

For more information about IDS/DoS, see the “IDS and DoS Alerts” section in the 
“Rogue Detection and Countermeasures” chapter of the 

CounterMeasureStart

Indicates that MSS has begun 
countermeasures against a rogue AP.