Enterasys RoamAbout RBT-4102 - Using the CLI to Configure Rogue AP Detection

To Next Page

To Previous Page

Rogue AP Detection

RoamAbout RBT-4102 Wireless Access Point Configuration Guide 4-27

• RADIUSAuthenticationenablestheaccesspointtodiscoverrogueaccesspoints.Enabling

RADIUSAuthenticationcausestheaccesspointtochecktheMACaddress/BasicServiceSet

Identifier(BSSID)ofeachaccesspointthatitfindsagainstaRADIUSservertodetermine

whethertheaccesspointisallowed.WithRADIUSauthenticationdisabled,

theaccesspoint

canidentifyitsneighboringaccesspointsonly;itcannotidentifywhetherthe accesspointsare

allowedorarerogues.IfyouenableRADIUSauthentication,youmustconfigureaRADIUS

serverforthisaccesspoint.

• APScanIntervalspecifiesthewait‐timebetweenscans.Range:30to10080

minutes.Default:

720minutesbetweenscans.

• APScanDurationsetsthelengthoftimeforeachrogueAPscan.Alongscandurationtime

willdetectmoreaccesspointsinthearea,butcausesmoredisruptiontoclientaccess.Range:

100‐1000milliseconds.Default:350milliseconds.

• ScanNowbuttonstarts

animmediaterogueAPscanforthespecifiedradiointerface.

• ScanAllbuttonscansforall802.11aand802.11b/ginterfaces.

Using the CLI to Configure Rogue AP Detection

Usetherogue‐apcommand todetectneighboringaccesspointsandaccesspoints thatarenot

authorizedtoparticipateonthenetwork.Usetheinterface‐acommandtosetaccesspoint

detectionparametersfor802.11ainterfaces.Usetheinterface‐gcommandtosetaccesspoint

detectionparametersfor802.11b/ginterfaces.Set

uptherogueAPfeaturebyspecifyingthescan

duration;interduration(amountoftimetomakefrequencychannelsactivetoclients);andthe

intervalbetweenscans.TouserogueAPdetection,enableradiusauthenticationusingtheradius

command.ToinitiateaRogueAPscanforallinterfaces,usethescan

command.Usetheshow

rogue‐apcommandfromtheExecutivemodetoviewinterface‐aandinterface‐gsettingsandto

viewscanresultsforbothinterfaces.

Example

RoamAbout 4102#configure

Enter configuration commands, one per line. End with CTRL/Z

RoamAbout 4102(config)#rogue-ap radius enable

RoamAbout 4102(config)#rogue-ap interface-g enable

configure either syslog or trap or both to receive the rogue APs detected.

RoamAbout 4102(config)#rogue-ap interface-g duration 200

RoamAbout 4102(config)#rogue-ap interface-g interval 120

RoamAbout 4102(config)#rogue-ap interface-g interduration 2000

RoamAbout 4102(config)#rogue-ap interface-g scan

RoamAbout 4102(config)#exit

RoamAbout 4102#show rogue-ap

802.11a : Rogue AP Setting

========================================================================

Rogue AP Detection : Disabled

Rogue AP Authentication : Enabled

Rogue AP Scan Interval : 720 minutes

Rogue AP Scan Duration : 350 milliseconds

Rogue AP Scan InterDuration: 3000 milliseconds

Note: When the access point scans a channel for neighbor AP’s, wireless clients will not be able to

connect to the access point. Frequent scanning, or scans, of a long duration will degrade the

access points performance. Therefore, avoid frequent scanning, or scans, of long duration unless

there is a reason to believe that more intensive scanning is required to find a rogue AP.

Main Page

Enterasys RoamAbout RBT-4102 - Using the CLI to Configure Rogue AP Detection

Table of Contents

Other manuals for Enterasys RoamAbout RBT-4102

Related product manuals