
Rogue AP Detection – Motorola Series Switch WS5100 User Manual


1-22 WS5100 Series Switch System Reference Guide

as intruding MUs try to find network vulnerabilities. Basic forms of this behavior can be monitored and
reported without needing a dedicated WIPS. When the parameters exceed a configurable threshold, the
switch generates an SNMP trap and reports the result via the management interfaces. Basic WIPS
functionality does not require monitoring APs and does not perform off-channel scanning.

1.2.5.10 Rogue AP Detection

The switch supports the following techniques for rogue AP detection:

• RF scan by Access Port on all channels

• SNMP Trap on discovery

• Authorized AP Lists

• Rogue AP Report

RF scan by access port on one channel

This process requires an access port to assist in Rogue AP detection. It functions as follows:

• The switch sends a new WISP Configuration message to the adopted AP informing it to detect Rogue APs.

• The access port listens for beacons on its present channel.

• It passes the beacons to the switch as it receives them without any modification.

• The switch processes these beacon messages to generate the list of APs.

This process of detecting a Rogue AP is non-disruptive: no MUs are disassociated while it runs. The
access port scans only its present channel. An AP300 provides this support.

When this option is chosen for detection, all capable access ports are polled for the information. You
can configure how frequently this polling is performed.

RF scan by Access Port on all channels

This process uses Auto Channel Select (called Detector AP assist) to scan for Rogue APs on all available
channels. It functions as follows:

• The switch sends a WISP Configuration message (with the ACS bit set and channel dwell time) to the access port.

• An access port starts scanning each channel and passes the beacons it hears on each channel to the switch.

• An access port resets itself after scanning all channels.

• The switch then processes this information.

The process of detecting a Rogue AP is disruptive, as connected MUs lose association. MUs need to
reconnect once the access port resets.
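The following is an added example, not code from the manual or from the switch firmware. It sketches the switch-side step both scan modes end with: parsing forwarded beacons and comparing them with an authorized AP list to build a rogue AP report. It assumes each beacon arrives as raw 802.11 frame bytes (no radiotap header or FCS) and that the authorized list is keyed by BSSID; the manual describes neither the WISP encapsulation nor the list format, and all function names and sample values are constructed.

```python
import struct

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, channel) for a raw 802.11 beacon, else None."""
    if len(frame) < 36:                  # 24-byte MAC header + 12 fixed bytes
        return None
    if (frame[0] & 0xFC) != 0x80:        # type 0 (management), subtype 8 (beacon)
        return None
    bssid = frame[16:22].hex(":")        # address 3 carries the BSSID
    ssid, channel, pos = None, None, 36
    while pos + 2 <= len(frame):         # walk tagged elements: id, len, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:          # truncated element: stop parsing
            break
        if tag == 0 and ssid is None:    # SSID element
            ssid = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:   # DS Parameter Set: current channel
            channel = value[0]
        pos += 2 + length
    return bssid, ssid, channel

def rogue_report(frames, authorized_bssids):
    """Group beacons by BSSID and return only APs missing from the list."""
    seen = {}
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None:               # not a beacon, or too short to parse
            continue
        bssid, ssid, channel = parsed
        entry = seen.setdefault(bssid, {"ssid": ssid, "channels": set(), "beacons": 0})
        entry["beacons"] += 1
        if channel is not None:
            entry["channels"].add(channel)
    return {b: e for b, e in seen.items() if b not in authorized_bssids}

def make_beacon(bssid, ssid, channel):
    """Build a constructed sample beacon (test data, not captured traffic)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0401)  # timestamp, interval, caps
    tags = bytes([0, len(ssid)]) + ssid.encode() + bytes([3, 1, channel])
    return header + fixed + tags

AUTHORIZED = {"02:00:00:00:00:01"}               # constructed authorized AP list
SAMPLE = [make_beacon("02:00:00:00:00:01", "corp", 1),
          make_beacon("02:00:00:00:00:99", "corp", 6),
          make_beacon("02:00:00:00:00:99", "corp", 11),
          b"\x40\x00" + bytes(40)]               # probe request, ignored
```

Calling `rogue_report(SAMPLE, AUTHORIZED)` reports only the unlisted BSSID, with the channels it was heard on. Matching on BSSID alone treats any beacon carrying an authorized BSSID as authorized, so a report built this way cannot distinguish a device that copies a listed address.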

NOTE: When converting an AP300 (with WISPe support) to an Intrusion Detection Sensor,
the conversion requires approximately 60 seconds.

NOTE: The Motorola RF Management Software is a recommended utility to plan the
deployment of the switch. Motorola RFMS can help optimize the positioning and
configuration of a switch with respect to a WLAN’s MU throughput requirements and can
help detect rogue devices. For more information, refer to the Motorola Web site.