3Com WX2200 3CRWX220095A Switch User Manual


 
576 CHAPTER 26: ROGUE DETECTION AND COUNTERMEASURES
Configuring a
Permitted SSID List
The permitted SSID list specifies the SSIDs that are allowed on the
network. If MSS detects packets for an SSID that is not on the list, the AP
that sent the packets is classified as a rogue. MSS issues countermeasures
against the rogue if they are enabled.
By default, the permitted SSID list is empty and all SSIDs are allowed. If
you configure a permitted SSID list, MSS allows traffic only for the SSIDs
that are on the list. The permitted SSID list applies only to the WX switch
on which the list is configured. WX switches do not share permitted SSID
lists.
If you add a device that MSS has classified as a rogue to the permitted
SSID list, but not to the ignore list, MSS can still classify the device as a
rogue. Adding an entry to the permitted SSID list merely indicates that
the device is using an allowed SSID. However, to cause MSS to stop
classifying the device as a rogue, you must add the device’s MAC address
to the ignore list.
To add an SSID to the list, use the following command:
set rfdetect ssid-list ssid-name
The following command adds SSID mycorp to the list of permitted SSIDs:
WX4400# set rfdetect ssid-list mycorp
success: ssid mycorp is now in ssid-list.
To display the permitted SSID list, use the following command:
display rfdetect ssid-list
The following example shows the permitted SSID list on a WX switch:
WX1200# display rfdetect ssid-list
Total number of entries: 3
SSID
-----------------
mycorp
corporate
guest
To remove an SSID from the permitted SSID list, use the following
command:
clear rfdetect ssid-list ssid-name