Filter
Top Products
626 Rogue detection and counter measures
NN47250-500 (320657-F Version 02.01)
Rogue classification
When WSS Software detects a third-party wireless device that is not allowed on the network, WSS Software
classifies the device as one of the following:
• Rogue—The device is in the Nortel network but does not belong there.
• Interfering device—The device is not part of the Nortel network but also is not a rogue. No client
connected to the device has been detected communicating with any network entity listed in the
forwarding database (FDB) of any WSS in the Mobility Domain. Although the interfering device is not
connected to your network, the device might be causing RF interference with AP radios.
When you enable countermeasures, you can specify whether to issue them against rogues and interfering
devices, or against rogues only. For example, if you do not want to issue countermeasures against your
neighbor’s wireless devices, you can select to issue countermeasures against rogues only. Auto-RF can auto-
matically change AP radio channels to work around interfering devices without attacking those devices.
In addition, you can optionally configure WSS Software to issue on-demand countermeasures. On-demand
countermeasures are those launched against devices that you have manually specified in the WSS’s attack list.
When you enable on-demand countermeasures, WSS Software issues them only against the devices that have
been manually specified in the attack list, not to other devices determined to be rogues for other reasons, such
as policy violations.
When WSS Software directs an AP radio to issue countermeasures against a rogue, WSS Software changes the
channel on the radio to the channel on which the rogue traffic is detected. The radio remains on that channel as
long as the radio is issuing countermeasures against the rogue, even if Auto-RF is enabled.
Rogue detection lists
Rogue detection lists specify the third-party devices and SSIDs that WSS Software allows on the network, and
the devices WSS Software classifies as rogues. You can configure the following rogue detection lists:
• Permitted SSID list—A list of SSIDs allowed in the Mobility Domain. WSS Software generates a
message if an SSID that is not on the list is detected.
• Permitted vendor list—A list of the wireless networking equipment vendors whose equipment is allowed
on the network. The vendor of a piece of equipment is identified by the Organizationally Unique
Identifier (OUI), which is the first three bytes of the equipment’s MAC address. WSS Software generates
a message if an AP or wireless client with an OUI that is not on the list is detected.
• Client black list—A list of MAC addresses of wireless clients who are not allowed on the network. WSS
Software prevents clients on the list from accessing the network through a WSS. If the client is placed on
the black list dynamically by WSS Software due to an association, reassociation or disassociation flood,
WSS Software generates a log message.
• Ignore list—A list of third-party devices that you want to exempt from rogue detection. WSS Software
does not count devices on the ignore list as rogues or interfering devices, and does not issue
countermeasures against them.
An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs or vendors. However, when
you add an entry to the SSID or vendor list, all SSIDs or vendors that are not in the list are implicitly disal-
lowed. An empty client black list implicitly allows all clients, and an empty ignore list implicitly considers all
third-party wireless devices to be potential rogues.