Filter
Top Products
l When a mechanism matches a previously unmatched mechanism, the confidence level increment associated with
that mechanism is added to the current confidence level (the confident level starts at zero).
l The confidence level is capped at 100%.
l If your controller reboots, your suspected-rogue APs are not checked against any new rules that were configured
after the reboot. Without this restriction, all the mechanisms that classified your APs as suspected-rogue may
trigger again causing the confidence level to surpass their cap of 100%. You can explicitly mark an AP as
“interfering” to trigger all new rules to match against it.
Understanding AP Classification Rules
AP classification rule configuration is performed only on a master controller. If AMP is enabled via the mobility-
manager command, then processing of the AP classification rules is disabled on the master controller. A rule is
identified by its ASCII character string name (32 characters maximum). The AP classification rules have one of the
following specifications:
l SSID of the AP
l SNR of the AP
l Discovered-AP-Count or the number of APs that can see the AP
Understanding SSID specification
Each rule can have up to 6 SSID parameters. If one or more SSIDs are specified in a rule, an option of whether to
match any of the SSIDs, or to not match all of the SSIDs can be specified. The default is to check for a match
operation.
Understanding SNR specification
Each rule can have only one specification of the SNR. A minimum and/or maximum can be specified in each rule
and the specification is in SNR (db).
Understanding Discovered-AP-Count specification
Each rule can have only one specification of the Discovered-AP-Count. Each rule can specify a minimum or
maximum of the Discovered-AP-count. The minimum or maximum operation must be specified if the Discovered-
AP-count is specified. The default setting is to check for the minimum discovered-AP-count.
Sample Rules
If SSID equals xyz AND SNR > 40 then classify AP as suspected-rogue with conf-level-increment of 20
If SNR > 60 and DISCOVERING_APS > 2, then classify AP as suspected-rogue with conf-level increment of 35
If SSID equals ‘XYZ’, then classify AP as known-neighbor
Understanding Rule Matching
A rule must be enabled before it is matched. A maximum of 32 rules can be created with a maximum of 16 rules
active simultaneously. If a rule matches, an AP is classified to:
l Suspected-Rogue—an associated confidence-level is provided (minimum is 5%)
l Neighbor
The following mechanism is used for rule matching.
l When
all
the conditions specified in the rule evaluate to true, the rule matches.
l If multiple rules match causing the AP to be classified as a Suspected-Rogue, the confidence level of each rule is
aggregated to determine the confidence level of the classification.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide WirelessIntrusion Prevention | 370