Figure 65 WIP Monitoring Dashboard
Detecting Rogue APs
The most important WIP functionality is the ability to classify an AP as a potential security threat. An AP is
considered to be rogue if it is both unauthorized and plugged in to the wired side of the network. An AP is
considered to be interfering if it is seen in the RF environment but is not connected to the wired network.
While the interfering AP can potentially cause RF interference, it is not considered a direct security threat since
it is not connected to the wired network. However, an interfering AP may be reclassified as a rogue AP.
Understanding Classification Terminology
APs and clients are discovered during scanning of the wireless medium, and they are classified into various
groups. The AP and client classification definitions are in Table 109 and Table 110.
Classification Description
Valid AP An AP that is part of the enterprise providing WLAN service.
Interfering AP An AP that is seen in the RF environment but is not connected to the wired network.
An interfering AP is not considered a direct security threat since it is not connected
to the wired network. For example, an interfering AP can be an AP that belongs to a
neighboring office’s WLAN but is not part of your WLAN network.
Neighbor AP A neighboring AP is when the BSSIDs are known. Once classified, a neighboring AP
does not change its state.
Rogue AP An unauthorized AP that is plugged into the wired side of the network.
Suspected-Rogue AP A suspected rogue AP is an unauthorized AP that may be plugged into the wired
side of the network.
Manually-contained AP An AP for which DoS is enabled manually.
Table 109: AP Classification Definition
AOS-W 6.5.3.x | User Guide Wireless Intrusion Prevention | 478
To Next Page
Loading...