Nortel 2350 用户指南
630 Rogue detection and counter measures
NN47250-500 (320657-F Version 02.01)
Countermeasures are disabled by default. You can enable them on an individual radio-profile basis. When you enable
them, all devices of interest that are not in the known devices list become viable targets for countermeasures. Counter-
measures can be enabled against all rogue and interfering devices, against rogue devices only, or against devices
explicitly configured in the WSS’s attack list. The Mobility Domain’s seed switch automatically selects individual
radios to send the countermeasure packets.
them, all devices of interest that are not in the known devices list become viable targets for countermeasures. Counter-
measures can be enabled against all rogue and interfering devices, against rogue devices only, or against devices
explicitly configured in the WSS’s attack list. The Mobility Domain’s seed switch automatically selects individual
radios to send the countermeasure packets.
Mobility Domain requirement
RF Detection requires the Mobility Domain to be completely up. If a Mobility Domain is not fully operational (not all
members are up), no new RF Detection data is processed. Existing RF Detection information ages out normally.
Processing of RF Detection data is resumed only when all members of the Mobility Domain are up. If a seed switch in
the Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore
resume RF Detection data processing, by removing the inoperative switch from the member list on the seed.
members are up), no new RF Detection data is processed. Existing RF Detection information ages out normally.
Processing of RF Detection data is resumed only when all members of the Mobility Domain are up. If a seed switch in
the Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore
resume RF Detection data processing, by removing the inoperative switch from the member list on the seed.
Summary of rogue detection features
lists the rogue detection features in WSS Software.
Table 1.Rogue detection features
Rogue Detection
Feature
Feature
Description
Applies To
Third-Party
APs
APs
Clients
Classification
WSS Software can classify third-party
APs as rogues or interfering devices. A
rogue is a third-party AP whose MAC
address WSS Software knows from the
wired side of the network. An
interfering device does not have a
MAC address known on the wired side.
WSS Software can detect rogue clients,
locate their APs, and issue
countermeasures against the APs.
APs as rogues or interfering devices. A
rogue is a third-party AP whose MAC
address WSS Software knows from the
wired side of the network. An
interfering device does not have a
MAC address known on the wired side.
WSS Software can detect rogue clients,
locate their APs, and issue
countermeasures against the APs.
Yes
Yes
Permitted vendor list
List of OUIs to allow on the network.
An OUI is the first three octets of a
MAC address and uniquely identifies
an AP’s or client’s vendor.
An OUI is the first three octets of a
MAC address and uniquely identifies
an AP’s or client’s vendor.
Yes
No
Permitted SSID list
List of SSIDs allowed on the network.
WSS Software can issue
countermeasures against third-party
APs sending traffic for an SSID that is
not on the list.
WSS Software can issue
countermeasures against third-party
APs sending traffic for an SSID that is
not on the list.
Yes
Yes
Client black list
List of client or AP MAC addresses
that are not allowed on the wireless
network. WSS Software drops all
packets from these clients or APs.
that are not allowed on the wireless
network. WSS Software drops all
packets from these clients or APs.
Yes
Yes