
Alcatel-Lucent AOS-W 6.5.3.x - Page 480

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
- Classification-off: AP is classified as rogue because classification has been disabled, causing all non-authorized APs to be classified as rogue.
- Propagated-Wired-MAC: The MAC addresses of wired devices learned by a different AP than the one that uses it for classifying a rogue.
- Base-BSSID-Override: The classification was derived from another BSSID, which belongs to the same AP that supports multiple BSSIDs on the radio interface.
- AP-Rule: A user-defined AP classification rule has matched.
- System-Wired-MAC: The MAC addresses of wired devices learned at the switch.
- System-Gateway-MAC: The Gateway MAC addresses learned at the switch.
Understanding Suspected Rogue Confidence Level
A suspected rogue AP is a potential threat to the WLAN infrastructure. A suspected rogue AP has a confidence
level associated with it. An AP can be marked as a suspected rogue if it is determined to be a potential threat on
the wired network, or if it matches a user-defined classification rule.
The suspected-rogue classification mechanisms are:
- Each mechanism that causes a suspected-rogue classification is assigned a confidence level increment of 20%.
- AP classification rules have a configured confidence level.
- When a mechanism matches a previously unmatched mechanism, the confidence level increment associated with that mechanism is added to the current confidence level (the confidence level starts at zero).
- The confidence level is capped at 100%.
- If your switch reboots, your suspected-rogue APs are not checked against any new rules that were configured after the reboot. Without this restriction, all the mechanisms that classified your APs as suspected-rogues may trigger again, causing the confidence level to surpass its cap of 100%. You can explicitly mark an AP as "interfering" to trigger all new rules to match against it.
Understanding AP Classification Rules
AP classification rule configuration is performed only on a master switch. If AMP is enabled via the mobility-manager command, then processing of the AP classification rules is disabled on the master switch. A rule is identified by its ASCII character string name (32 characters maximum). The AP classification rules have one of the following specifications:
- SSID of the AP
- SNR of the AP
- Discovered-AP-Count or the number of APs that can see the AP
Understanding SSID specification
Each rule can have up to 6 SSID parameters. If one or more SSIDs are specified in a rule, you can specify whether to match any of the SSIDs or to not match all of the SSIDs. The default is to check for a match.
Understanding SNR specification
Each rule can have only one SNR specification. A minimum and/or maximum can be specified in each rule, and the specification is in SNR (dB).
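The confidence accumulation and the SSID/SNR rule matching described above, modelled in Python as an added example (this is not AOS-W code or CLI syntax). It assumes that every specification present in a rule must hold for the rule to match and that each rule counts as its own mechanism keyed by rule name; the class, function and mechanism label names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

MECHANISM_INCREMENT = 20   # percent added per built-in mechanism (from the text)
CONFIDENCE_CAP = 100       # percent

@dataclass
class Rule:
    name: str
    confidence: int                  # configured confidence level of the rule
    ssids: tuple = ()
    match_ssids: bool = True         # True: match any listed SSID; False: match none
    snr_min: Optional[int] = None    # dB
    snr_max: Optional[int] = None    # dB

    def __post_init__(self):
        if not self.name.isascii() or len(self.name) > 32:
            raise ValueError("rule name: ASCII, 32 characters maximum")
        if len(self.ssids) > 6:
            raise ValueError("a rule can have up to 6 SSID parameters")

    def matches(self, ssid, snr_db):
        # Assumption: all specifications present in the rule must hold.
        if self.ssids and (ssid in self.ssids) != self.match_ssids:
            return False
        lo_ok = self.snr_min is None or snr_db >= self.snr_min
        hi_ok = self.snr_max is None or snr_db <= self.snr_max
        return lo_ok and hi_ok

@dataclass
class SuspectedRogue:
    matched: set = field(default_factory=set)
    confidence: int = 0              # the confidence level starts at zero

    def record(self, mechanism, increment=MECHANISM_INCREMENT):
        # Only a previously unmatched mechanism adds its increment.
        if mechanism not in self.matched:
            self.matched.add(mechanism)
            self.confidence = min(CONFIDENCE_CAP, self.confidence + increment)
        return self.confidence

def classify(ap_ssid, ap_snr_db, mechanisms, rules):
    """Return the confidence level (percent) for one observed AP."""
    ap = SuspectedRogue()
    for label in mechanisms:         # opaque labels of mechanisms that fired
        ap.record(label)
    for rule in rules:
        if rule.matches(ap_ssid, ap_snr_db):
            ap.record("AP-Rule:" + rule.name, rule.confidence)
    return ap.confidence
```

Feeding the same mechanism label twice leaves the level unchanged, which is the behaviour the reboot restriction in the text protects.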
AOS-W 6.5.3.x | User Guide Wireless Intrusion Prevention | 480
