3com WX2200 3CRWX220095A User Manual
About Rogues and RF Detection
569
Rogue Detection Lists
Rogue detection lists specify the third-party devices and SSIDs that MSS
allows on the network, and the devices MSS classifies as rogues. You can
configure the following rogue detection lists:
allows on the network, and the devices MSS classifies as rogues. You can
configure the following rogue detection lists:
Permitted SSID list—A list of SSIDs allowed in the Mobility Domain.
MSS generates a message if an SSID that is not on the list is detected.
MSS generates a message if an SSID that is not on the list is detected.
Permitted vendor list—A list of the wireless networking equipment
vendors whose equipment is allowed on the network. The vendor of a
piece of equipment is identified by the Organizationally Unique
Identifier (OUI), which is the first three bytes of the equipment’s MAC
address. MSS generates a message if an AP or wireless client with an
OUI that is not on the list is detected.
vendors whose equipment is allowed on the network. The vendor of a
piece of equipment is identified by the Organizationally Unique
Identifier (OUI), which is the first three bytes of the equipment’s MAC
address. MSS generates a message if an AP or wireless client with an
OUI that is not on the list is detected.
Client black list—A list of MAC addresses of wireless clients who are
not allowed on the network. MSS prevents clients on the list from
accessing the network through a WX switch. If the client is placed on
the black list dynamically by MSS due to an association, reassociation
or disassociation flood, MSS generates a log message.
not allowed on the network. MSS prevents clients on the list from
accessing the network through a WX switch. If the client is placed on
the black list dynamically by MSS due to an association, reassociation
or disassociation flood, MSS generates a log message.
Ignore list—A list of third-party devices that you want to exempt from
rogue detection. MSS does not count devices on the ignore list as
rogues or interfering devices, and does not issue countermeasures
against them.
rogue detection. MSS does not count devices on the ignore list as
rogues or interfering devices, and does not issue countermeasures
against them.
An empty permitted SSID list or permitted vendor list implicitly allows all
SSIDs or vendors. However, when you add an entry to the SSID or vendor
list, all SSIDs or vendors that are not in the list are implicitly disallowed.
An empty client black list implicitly allows all clients, and an empty ignore
list implicitly considers all third-party wireless devices to be potential
rogues.
SSIDs or vendors. However, when you add an entry to the SSID or vendor
list, all SSIDs or vendors that are not in the list are implicitly disallowed.
An empty client black list implicitly allows all clients, and an empty ignore
list implicitly considers all third-party wireless devices to be potential
rogues.
All the lists except the black list require manual configuration. You can
configure entries in the black list and MSS also can place a client in the
black list due to an association, reassociation or disassociation flood from
the client.
configure entries in the black list and MSS also can place a client in the
black list due to an association, reassociation or disassociation flood from
the client.
The rogue classification algorithm examines each of these lists when
determining whether a device is a rogue. Figure 34 shows how the rogue
detection algorithm uses the lists.
determining whether a device is a rogue. Figure 34 shows how the rogue
detection algorithm uses the lists.