Filter
Top Products
Rogue detection and counter measures 631
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring rogue detection lists
The following sections describe how to configure lists to specify the devices that are allowed on the network
and the devices that WSS Software should attack with countermeasures.
(For information about how WSS Software uses the lists, see “Rogue detection lists” (page 626).)
Configuring a permitted vendor list
The permitted vendor list specifies the third-party AP or client vendors that are allowed on the network. WSS
Software does not list a device as a rogue or interfering device if the device’s OUI is in the permitted vendor
list.
Attack list List of AP MAC addresses to attack.
WSS Software can issue
countermeasures against these APs
whenever they are detected on the
network.
Yes No
Ignore list List of MAC addresses to ignore
during RF detection. WSS Software
does not classify devices on this list as
rogues or interfering devices, and does
not issue countermeasures against
them.
Yes Yes
Countermeasures Packets sent by Nortel APs to interfere
with the operation of a rogue or
interfering device.
Countermeasures are configurable on a
radio-profile basis.
Yes Yes
Scheduled RF
Scanning
Scheduled RF Scanning sends probe
any requests (probes with a null SSID
name) to look for rogue APs.
Scheduled RF Scanning is configurable
on a radio-profile basis.
Yes No
Nortel AP signature Value in an AP’s management frames
that identifies the AP to WSS
Software. AP signatures help prevent
spoofing of the AP MAC address.
No No
Log messages and
traps
Messages and traps for rogue activity.
Messages are described in “IDS and
DoS alerts” (page 638).
Yes Yes
Table 1.Rogue detection features (continued)
Rogue Detection
Feature
Description
Applies To
Third-Party
APs
Clients