Nortel Networks 2300 Switch User Manual


 
632 Rogue detection and counter measures
NN47250-500 (320657-F Version 02.01)
By default, the permitted vendor list is empty and all vendors are allowed. If you configure a permitted vendor
list, WSS Software allows only the devices whose OUIs are on the list. The permitted vendor list applies only
to the WSS on which the list is configured. WSSs do not share permitted vendor lists.
If you add a device that WSS Software has classified as a rogue to the permitted vendor list, but not to the
ignore list, WSS Software can still classify the device as a rogue. Adding an entry to the permitted vendor list
merely indicates that the device is from an allowed vendor. However, to cause WSS Software to stop
classifying the device as a rogue, you must add the device’s MAC address to the ignore list.
To add an entry to the permitted vendor list, use the following command:
set rfdetect vendor-list {client | ap} mac-addr
The following command adds an entry for clients whose MAC addresses start with aa:bb:cc:
WSS# set rfdetect vendor-list client aa:bb:cc:00:00:00
success: MAC aa:bb:cc:00:00:00 is now in client vendor-list.
The trailing 00:00:00 value is required.
To display the permitted vendor list, use the following command:
show rfdetect vendor-list
The following example shows the permitted vendor list on a switch:
WSS# show rfdetect vendor-list
Total number of entries: 1
OUI               Type
----------------- ------
aa:bb:cc:00:00:00 client
11:22:33:00:00:00 ap
To remove an entry from the permitted vendor list, use the following command:
clear rfdetect vendor-list {client | ap} {mac-addr | all}
The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list:
WSS# clear rfdetect vendor-list client aa:bb:cc:00:00:00
success: aa:bb:cc:00:00:00 is no longer in client vendor-list.
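Because configuring a permitted vendor list changes the behavior from allowing all vendors to allowing only the listed OUIs, it helps to check an inventory of expected devices against the list first. The following is an added example, not Nortel code: it parses output in the format of show rfdetect vendor-list and reports inventory devices whose OUI is not listed. The function names and the inventory are hypothetical, and treating the client and ap entries as separate lists is an assumption; a device that passes this check can still be classified as a rogue unless its MAC address is on the ignore list.

```python
import re

# Constructed sample in the format of the `show rfdetect vendor-list` listing above.
SAMPLE_OUTPUT = """\
Total number of entries: 1
OUI               Type
----------------- ------
aa:bb:cc:00:00:00 client
11:22:33:00:00:00 ap
"""
ROW = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(client|ap)$", re.I)

def parse_vendor_list(text):
    """Return ({'client': OUIs, 'ap': OUIs}, warnings) from the CLI listing."""
    ouis, warnings, declared, rows = {"client": set(), "ap": set()}, [], None, 0
    for line in text.splitlines():
        m = re.match(r"Total number of entries:\s*(\d+)", line)
        if m:
            declared = int(m.group(1))
            continue
        m = ROW.match(line.strip())
        if not m:
            continue  # column header, separator or blank line
        mac, kind = m.group(1).lower(), m.group(2).lower()
        rows += 1
        if not mac.endswith(":00:00:00"):
            warnings.append(f"{mac}: trailing 00:00:00 missing")
        ouis[kind].add(mac[:8])  # first three octets are the OUI
    if declared is not None and declared != rows:
        warnings.append(f"header says {declared} entries, parsed {rows}")
    return ouis, warnings

def vendor_permitted(mac, kind, ouis):
    """Model of the documented rule; assumes client and ap lists are separate."""
    # An empty list permits every vendor; otherwise the OUI must be listed.
    return not ouis[kind] or mac.lower()[:8] in ouis[kind]

def outside_vendor_list(inventory, ouis):
    """Inventory entries (mac, kind) whose OUI is not listed for their type."""
    return [(mac, kind) for mac, kind in inventory
            if not vendor_permitted(mac, kind, ouis)]

# Constructed inventory of devices expected on the network (colon-separated MACs).
INVENTORY = [("AA:BB:CC:12:34:56", "client"), ("de:ad:be:00:00:01", "client"),
             ("11:22:33:44:55:66", "ap"), ("aa:bb:cc:99:99:99", "ap")]

if __name__ == "__main__":
    ouis, warnings = parse_vendor_list(SAMPLE_OUTPUT)
    print(warnings, outside_vendor_list(INVENTORY, ouis))
```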
Configuring a permitted SSID list
The permitted SSID list specifies the SSIDs that are allowed on the network. If WSS Software detects packets
for an SSID that is not on the list, the AP that sent the packets is classified as a rogue. WSS Software issues
countermeasures against the rogue if they are enabled.
By default, the permitted SSID list is empty and all SSIDs are allowed. If you configure a permitted SSID list,
WSS Software allows traffic only for the SSIDs that are on the list. The permitted SSID list applies only to the
WSS on which the list is configured. WSSs do not share permitted SSID lists.
If you add a device that WSS Software has classified as a rogue to the permitted SSID list, but not to the ignore
list, WSS Software can still classify the device as a rogue. Adding an entry to the permitted SSID list merely