Configuring rogue detection lists, Configuring a permitted vendor list – 3Com WX4400 3CRWX440095A User Manual

574

C

HAPTER

26: R

OGUE

D

ETECTION

AND

C

OUNTERMEASURES

Configuring Rogue
Detection Lists

The following sections describe how to configure lists to specify the
devices that are allowed on the network and the devices that MSS should
attack with countermeasures.

(For information about how MSS uses the lists, see “Rogue Detection
Lists” on page 569.)

Configuring a

Permitted Vendor List

The permitted vendor list specifies the third-party AP or client vendors
that are allowed on the network. MSS does not list a device as a rogue or
interfering device if the device’s OUI is in the permitted vendor list.

By default, the permitted vendor list is empty and all vendors are allowed.
If you configure a permitted vendor list, MSS allows only the devices
whose OUIs are on the list. The permitted vendor list applies only to the
WX switch on which the list is configured. WX switches do not share
permitted vendor lists.

Countermeasures Packets sent by 3Com MAPs to

interfere with the operation of a
rogue or interfering device.

Countermeasures are configurable
on a radio-profile basis.

Yes

Yes

Active scan

Active scan sends probe any requests
(probes with a null SSID name) to
look for rogue APs.

Active scan is configurable on a
radio-profile basis.

Yes

No

3Com MSP
signature

Value in a MAP’s management
frames that identifies the MAP to
MSS. MAP signatures help prevent
spoofing of the MAP MAC address.

No

No

Log messages
and traps

Messages and traps for rogue
activity. Messages are described in
“IDS and DoS Alerts” on page 584.

Yes

Yes

Table 48 Rogue Detection Features (continued)

Rogue
Detection
Feature

Description

Applies To

Third-Party
APs

Clients