Filter
Top Products
369 | WirelessIntrusionPrevention DellPowerConnectW-SeriesArubaOS6.2 | User Guide
with that of the user’s wired network. The MAC of the device on the discovered AP’s network is known as the
Match MAC
. The ways in which the matching of wired MACs occurs is detailed in the sections "Understanding
Match Methods" on page 369 and "Understanding Match Types" on page 369.
Understanding Match Methods
The match methods are:
l Plus One—The match MAC matches a device whose MAC address’ last bit was one more than that of the
Match MAC.
l Minus One—The match MAC matches a device whose MAC address’ last bit was one less than that of the
Match MAC.
l Equal—The match was against the same MAC address.
l OUI—The match was against the manufacturer’s OUI of the wired device.
The classification details are available in the ‘Discovered AP table’ section of the ‘Security Summary’ page of the
WebUI. The information can be obtained by clicking on the details icon for a selected discovered AP. The
information is also available in the command show wms rogue-ap.
Understanding Match Types
l Eth-Wired-MAC—The MAC addresses of wired devices learned by an AP on its Ethernet interface.
l GW-Wired-MAC—The collection of Gateway MACs of all APs across the master and local Dell controllers.
l AP-Wired-MAC—The MAC addresses of wired devices learned by monitoring traffic out of other valid and rogue
APs.
l Config-Wired-MAC—The MAC addresses that are configured by the user typically that of well known servers in
the network.
l Manual—User triggered classification.
l External-Wired-MAC—The MAC address matched a set of known wired devices that are maintained in an
external database.
l Mobility-Manager—The classification was determined by the mobility manager, AMP.
l Classification-off—AP is classified as rogue because classification has been disabled causing all non-authorized
APs to be classified as a rogue.
l Propagated-Wired-MAC—The MAC addresses of wired devices learned by a different AP than the one that uses
it for classifying a rogue.
l Base-BSSID-Override—The classification was derived from another BSSID which belongs to the same AP that
supports multiple BSSIDs on the radio interface.
l AP-Rule—A user defined AP classification rule has matched.
l System-Wired-MAC—The MAC addresses of wired devices learned at the controller.
l System-Gateway-MAC—The Gateway MAC addresses learned at the controller.
Understanding Suspected Rogue Confidence Level
A suspected rogue AP is an AP that is potentially a threat to the WLAN infrastructure. A suspected rogue AP has a
confidence level associated with it. An AP can be marked as a suspected rogue if it is determined to be a potentially
threat on the wired network, or if it matches a user defined classification rule.
The suspected-rogue classification mechanism are:
l Each mechanism that causes a suspected-rogue classification is assigned a confidence level increment of 20%.
l AP classification rules have a configured confidence level.