Functionalities supported – H3C Technologies H3C WX6000 Series Access Controllers User Manual

42-3

Taking countermeasures against rogue device attacks

You can enable the countermeasures on a monitor AP. The monitor AP downloads an attack list from

the AC according to the countermeasure mode and takes countermeasures against detected rogue

devices. The processing methods vary with rogue devices:

If the rogue device is a rogue client, it will be logged out.

If the rogue device is a rogue AP, legal clients will not use the rogue AP to access the WLAN.

If the rogue device is an ad-hoc client, it is denied and ad-hoc clients cannot communicate with

each other.

Figure 42-3 Take countermeasures against rogue devices

AC

L2 Switch

Monitor AP

AP 1

AP 2

Client

Client

Client

Rogue client

Rogue Bridge

Functionalities supported

The rogue detection feature supports the following functionalities:

RF monitoring in different channels

Rogue AP detection

Rogue client detection

Ad hoc network detection

Wireless bridge detection

Countermeasures against rogue devices, clients and ad hoc networks

The current solution only supports detection of rogue devices managed by a single access controller.

The rogue detection feature does not support the following functionalities:

Interfering AP (APs of other enterprises) detection

Physical location tracking on wireless side

Port location tracking and blocking on wire side

DoS attacks against rogue APs

Countermeasures against rogue wireless bridges