3com 3CRWXR10095A User Manual
Rogue Detection Requirements
459
To use countermeasures, they must be enabled. You can enable them on
an individual radio profile basis. (See “Viewing and Configuring Radio
Profiles” on page 263.)
an individual radio profile basis. (See “Viewing and Configuring Radio
Profiles” on page 263.)
Mobility Domain
Requirement
RF Detection requires the Mobility Domain to be completely up. If a
Mobility Domain is not fully operational (not all members are up), no new
RF Detection data is processed. Existing RF Detection information ages
out normally. Processing of RF Detection data is resumed only when all
members of the Mobility Domain are up. If a seed switch in the Mobility
Domain cannot resume full operation, you can restore the Mobility
Domain to full operation, and therefore resume RF Detection data
processing, by removing the inoperative switch from the member list on
the seed.
Mobility Domain is not fully operational (not all members are up), no new
RF Detection data is processed. Existing RF Detection information ages
out normally. Processing of RF Detection data is resumed only when all
members of the Mobility Domain are up. If a seed switch in the Mobility
Domain cannot resume full operation, you can restore the Mobility
Domain to full operation, and therefore resume RF Detection data
processing, by removing the inoperative switch from the member list on
the seed.
CounterMeasureStop
Indicates that MSS has stopped
countermeasures against a rogue access
point.
countermeasures against a rogue access
point.
RFDetetSpoofedMacAP
Indicates that MSS has detected a wireless
packet with the source MAC address of a
3Com MAP, but without the spoofed MAP’s
signature (fingerprint).
packet with the source MAC address of a
3Com MAP, but without the spoofed MAP’s
signature (fingerprint).
RFDetectSpoofedSSIDAP
Indicates that MSS has detected beacon
frames for a valid SSID, but sent by a rogue
AP.
frames for a valid SSID, but sent by a rogue
AP.
RFDetectDoS
Indicates that MSS has detected a DoS attack
other than an associate request flood,
reassociate request flood, or disassociate
request flood.
other than an associate request flood,
reassociate request flood, or disassociate
request flood.
RFDetectDoSPort
Indicates that MSS has detected an associate
request flood, reassociate request flood, or
disassociate request flood.
request flood, reassociate request flood, or
disassociate request flood.
RFDetectClientVARogueWiredAP
Indicates that MSS has detected, on the wired
part of the network, the MAC address of a
wireless client associated with a third-party
AP.
part of the network, the MAC address of a
wireless client associated with a third-party
AP.
Table 58 SNMP Notifications for RF Detection
Notification Type
Description