H3C Technologies H3C Intelligent Management Center User Manual
Page 499
477
{
APs in the trusted address list that have correct wireless configuration.
{
APs matching an authorized AP classification rule.
•
Rogue—APs that are prohibited in the WLAN, including:
{
APs in the blocked address list.
{
APs that are incompliant with a WIPS attack detection policy.
{
APs matching a rogue AP classification rule.
•
Misconfigured—APs that are permitted in the WLAN but have incorrect configurations. For
example, an AP that is in the trusted address list but uses an invalid SSID (according to the AP
classification rule).
•
External—APs in adjacent wireless networks.
•
Ad Hoc—APs operating in Ad hoc mode.
•
Potential-Authorized—APs that are possibly authorized. If an AP is neither in the permitted
address list nor in the blocked address list, but its wireless service configuration is correct and its
wired port has been connected to the network, the AP is possibly an authorized AP.
•
Potential-Rogue—APs that are possibly rogue APs. If an AP is neither in the permitted device list
nor in the prohibited device list and its wireless service configuration is incorrect, but its wired
port has been connected to the network, the AP is possibly a rogue AP, for example, an attacker
AP.
•
Potential-External—APs that are possibly external APs. If an AP is neither in the permitted
address list nor in the blocked address list, and its wireless service configuration is correct and
its wired port has not been connected to the network, the AP is possibly an external AP.
•
Uncategorized—APs whose category cannot be determined.
When an AP matches a categorization rule but no AP category is specified for the rule, WIPS assigns
the threat level specified in the rule to the AP. A higher value represents a higher threat level.
WIPS categorizes an AP by using the workflow as shown in