Rogue AP Detection – Motorola Series Switch WS5100 User Manual
1-22 WS5100 Series Switch System Reference Guide
as intruding MUs try to find network vulnerabilities. Basic forms of this behavior can be monitored and
reported without needing a dedicated WIPS. When the parameters exceed a configurable threshold, the
switch generates an SNMP trap and reports the result via the management interfaces. Basic WIPS
functionality does not require monitoring APs and does not perform off-channel scanning.
1.2.5.10 Rogue AP Detection
The switch supports the following techniques for rogue AP detection:
• RF scan by Access Port on all channels
RF scan by access port on one channel
This process requires an access port to assist in Rogue AP detection. It functions as follows:
• The switch sends a new WISP Configuration message to the adopted AP informing it to detect Rogue
APs.
• The access port listens for beacons on its present channel.
• It passes the beacons to the switch as it receives them without any modification.
• The switch processes these beacon messages to generate the list of APs.
This process is non-disruptive: no MUs are disassociated while it runs. The access port scans only
its present channel. An AP300 provides this support. When this detection option is chosen, all capable
access ports are polled for the information. You can configure how frequently the polling is
performed.
RF scan by Access Port on all channels
This process uses Auto Channel Select (called Detector AP assist) to scan for Rogue APs on all available
channels. It functions as follows:
• The switch sends a WISP Configuration message (with the ACS bit set and channel dwell time) to the
access port.
• An access port starts scanning each channel and passes the beacons it hears on each channel to the
switch.
• An access port resets itself after scanning all channels.
• The switch then processes this information.
This process of detecting a Rogue AP is disruptive, as connected MUs lose association. MUs need to
reconnect once the access port resets.
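Both scan modes end with the switch turning forwarded beacons into a list of APs. The following is an added example of that step, not Motorola's code or the WISP message format. It assumes the access port forwards raw 802.11 beacon frames with no radiotap header or FCS, and that a BSSID counts as rogue when it is missing from a hypothetical `AUTHORIZED` set; every BSSID and frame in it is constructed.

```python
import struct

AUTHORIZED = {"00:a0:f8:00:00:01"}  # assumption: operator-approved BSSIDs (constructed)

def parse_beacon(frame):
    """Return (bssid, ssid, channel) for a raw 802.11 beacon, else None."""
    if len(frame) < 36 or frame[0] != 0x80:  # 0x80 = management/beacon, version 0
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    ssid = channel = None
    pos = 36  # 24-byte management header + 12 bytes of fixed fields
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element: stop instead of trusting the length byte
        if eid == 0 and ssid is None:
            ssid = body.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:
            channel = body[0]  # DS Parameter Set carries the channel number
        pos += 2 + elen
    return bssid, ssid, channel

def build_ap_list(frames, authorized=AUTHORIZED):
    """Aggregate forwarded beacons into one entry per BSSID."""
    aps = {}
    # filter(None, ...) drops frames that are not beacons or are too short
    for bssid, ssid, channel in filter(None, map(parse_beacon, frames)):
        ap = aps.setdefault(bssid, {"ssid": ssid, "channels": set(), "beacons": 0,
                                    "rogue": bssid not in authorized})
        ap["beacons"] += 1
        if channel is not None:
            ap["channels"].add(channel)
    return aps

def make_beacon(bssid, ssid, channel):
    """Build a constructed sample beacon (no radiotap header, no FCS)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name + bytes([3, 1, channel])

SAMPLE_FRAMES = [  # constructed input, not captured traffic
    make_beacon("00:a0:f8:00:00:01", "corp", 6),
    make_beacon("02:11:22:33:44:55", "corp", 6),
    make_beacon("02:11:22:33:44:55", "corp", 6)[:39],  # truncated SSID element
    b"\x40\x00" + b"\x00" * 40,  # probe request, ignored
]
```

Calling `build_ap_list(SAMPLE_FRAMES)` returns two entries, with the second BSSID flagged as rogue even though it advertises the same SSID as the approved AP.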
NOTE: When converting an AP300 (with WISPe support) to an Intrusion Detection Sensor,
the conversion requires approximately 60 seconds.
NOTE: The Motorola RF Management Software is a recommended utility to plan the
deployment of the switch. Motorola RFMS can help optimize the positioning and
configuration of a switch with respect to a WLAN’s MU throughput requirements and can
help detect rogue devices. For more information, refer to the Motorola Web site.