Home » D-Link Manuals » Hubs & Switches » D-Link DWS-3160-24TC » Manual Viewer

D-Link DWS-3160-24TC DWS-3160 Series Web UI Reference Guide - Page 437

Managed SSID

View all D-Link DWS-3160-24TC manuals

Add to My Manuals
Save this manual to your list of manuals

Page 437 highlights

DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide Figure 3-36 WIDS Security AP Configuration window The fields that can be configured or displayed are described below: Parameter Description Administrator configured rogue AP Managed SSID from an unknown AP Managed SSID from a fake managed AP AP without an SSID Fake managed AP on an invalid channel Managed SSID detected with incorrect security Invalid SSID from a managed AP If the source MAC address is in the valid-AP database on the switch or on the RADIUS server and the AP type is marked as Rogue, then the AP state is Rogue. Select Enabled to check whether an unknown AP is using the managed network SSID. A hacker may set up an AP with managed SSID to fool users into associating with the AP and revealing password and other secure information. Administrators with large networks who are using multiple clusters should either use different network names in each cluster or disable this test. Otherwise, if an AP in the first cluster detects APs in the second cluster transmitting the same SSID as APs in the first cluster then these APs are reported as rogues. A hacker may set up an AP with the same MAC address as one of the managed APs and configure it to send one of the managed SSIDs. This test checks for a vendor field in the beacons which is always transmitted by managed APs. If the vendor field is not present, then the AP is identified as a fake AP. SSID is an optional field in beacon frames. To avoid detection a hacker may set up an AP with the managed network SSID, but disable SSID transmission in the beacon frames. The AP would still send probe responses to clients that send probe requests for the managed SSID fooling the clients into associating with the hacker's AP. This test detects and flags APs that transmit beacons without the SSID field. The test is automatically disabled if any of the radios in the profiles are configured not to send SSID field, which is not recommended because it does not provide any real security and disables this test. Select Enabled to detect rogue APs that transmit beacons from the source MAC address of one of the managed APs, but on different channel from which the AP is supposed to be operating. During RF Scan, the AP examines beacon frames received from other APs and determines whether the detected AP is advertising an open network, WEP, or WPA. If the SSID reported in the RF Scan is one of the managed networks and its configured security not match the detected security then this test marks the AP as rogue. Select Enabled to check whether a known managed AP is sending an unexpected SSID. The SSID reported in the RF Scan is compared to the list of all configured SSIDs that are used by the profile assigned to the managed AP. If the detected SSID doesn't match any configured SSID then the AP is marked as rogue. 432

Section	Page
Table of Contents	3
Intended Readers	6
Typographical Conventions	6
Notes, Notices and Cautions	6
Section 1 Web-based Switch Configuration	7
Chapter 1 Introduction	7
Chapter 2 Login to the Web Manager	7
Chapter 3 Web-based User Interface	8
Areas of the User Interface	8
Chapter 4 Web Pages	9
Section 2 LAN	11
Chapter 1 System Configuration	11
Device Information	11
System Information Settings	12
Port Configuration	12
PoE	16
Serial Port Settings	19
Warning Temperature Settings	19
System Log Configuration	20
Time Range Settings	23
Port Group Settings	24
Time Settings	24
User Accounts Settings	25
Command Logging Settings	26
Chapter 2 Management	27
ARP	27
Gratuitous ARP	28
IPv6 Neighbor Settings	30
IP Interface	31
Management Settings	35
Session Table	36
Single IP Management	37
SNMP Settings	46
Telnet Settings	55
Web Settings	55
Chapter 3 L2 Features	56
VLAN	56
QinQ	74
Spanning Tree	77
Link Aggregation	84
FDB	87
L2 Multicast Control	91
Multicast Filtering	113
ERPS Settings	118
LLDP	121
NLB FDB Settings	130
Chapter 4 L3 Features	131
IPv4 Static/Default Route Settings	131
IPv4 Route Table	132
IPv6 Static/Default Route Settings	132
IP Forwarding Table	133
VRRP	133
Chapter 5 QoS	138
802.1p Settings	139
Bandwidth Control	141
Traffic Control Settings	143
DSCP	145
HOL Blocking Prevention	147
Scheduling Settings	147
Chapter 6 ACL	150
ACL Configuration Wizard	150
Access Profile List	151
CPU Access Profile List	167
ACL Finder	181
ACL Flow Meter	181
Egress Access Profile List	184
Egress ACL Flow Meter	196
Chapter 7 Security	199
802.1X	199
RADIUS	211
IP-MAC-Port Binding (IMPB)	215
MAC-based Access Control (MAC)	220
Compound Authentication	223
Port Security	226
ARP Spoofing Prevention Settings	228
BPDU Attack Protection	229
Loopback Detection Settings	230
Traffic Segmentation Settings	231
NetBIOS Filtering Settings	232
DHCP Server Screening	233
Access Authentication Control	235
SSL Settings	243
SSH	245
Trusted Host Settings	249
Safeguard Engine Settings	249
Captive Portal (CP)	251
Chapter 8 Network Application	271
DHCP	271
SNTP	277
Flash File System Settings	279
Chapter 9 OAM	281
CFM	281
Ethernet OAM	291
Cable Diagnostics	295
Chapter 10 Monitoring	297
Utilization	297
Statistics	298
Received (RX)	299
UMB_Cast (RX)	300
Transmitted (TX)	302
Received (RX)	303
Transmitted (TX)	305
Mirror	308
sFlow	310
Ping Test	313
Trace Route	314
Peripheral	315
Chapter 11 Save and Tools	316
Section 3 WLAN	317
Chapter 1 Security	317
Captive Portal (CP)	317
Chapter 2 Monitoring	336
Global	336
Peer Switch	344
Access Point	347
Client	368
QoS	387
Chapter 3 Administration	395
Basic Setup	395
AP Management	407
Advanced Configuration	416
Chapter 4 QoS	443
Access Control Lists	443
Differentiated Services	456
Chapter 5 Network Visualization	462
Download Image	462
Launch…	462
Section 4 Save and Tools	465
Chapter 1 Save	465
Save Configuration / Log	465
Chapter 2 Tools	466
License Management	466
Download Firmware	466
Upload Firmware	467
Download Configuration	467
Upload Configuration	468
Upload Log File	469
Reset	470
Reboot System	471
Appendices	473
Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL	473
Appendix B Password Recovery Procedure	479
Appendix C System Log Entries	480
Appendix D Trap Log Entries	491
Appendix E RADIUS Attributes Assignment	495

Match case Limit results 1 per page

DWS-3160 Series Gigabit Ethernet Unified Switch Web UI Reference Guide

432

Figure 3-36 WIDS Security AP Configuration window

The fields that can be configured or displayed are described below:

Parameter

Description

Administrator

configured rogue AP

If the source MAC address is in the valid-AP database on the switch or on the

RADIUS server and the AP type is marked as Rogue, then the AP state is Rogue.

Managed SSID from

an unknown AP

Select

Enabled

to check whether an unknown AP is using the managed network

SSID. A hacker may set up an AP with managed SSID to fool users into associating

with the AP and revealing password and other secure information. Administrators with

large networks who are using multiple clusters should either use different network

names in each cluster or disable this test. Otherwise, if an AP in the first cluster

detects APs in the second cluster transmitting the same SSID as APs in the first

cluster then these APs are reported as rogues.

Managed SSID from

a fake managed AP

A hacker may set up an AP with the same MAC address as one of the managed APs

and configure it to send one of the managed SSIDs. This test checks for a vendor field

in the beacons which is always transmitted by managed APs. If the vendor field is not

present, then the AP is identified as a fake AP.

AP without an SSID

SSID is an optional field in beacon frames. To avoid detection a hacker may set up an

AP with the managed network SSID, but disable SSID transmission in the beacon

frames. The AP would still send probe responses to clients that send probe requests

for the managed SSID fooling the clients into associating with the hacker's AP.

This test detects and flags APs that transmit beacons without the SSID field. The test

is automatically disabled if any of the radios in the profiles are configured not to send

SSID field, which is not recommended because it does not provide any real security

and disables this test.

Fake managed AP on

an invalid channel

Select

Enabled

to detect rogue APs that transmit beacons from the source MAC

address of one of the managed APs, but on different channel from which the AP is

supposed to be operating.

Managed SSID

detected with

incorrect security

During RF Scan, the AP examines beacon frames received from other APs and

determines whether the detected AP is advertising an open network, WEP, or WPA. If

the SSID reported in the RF Scan is one of the managed networks and its configured

security not match the detected security then this test marks the AP as rogue.

Invalid SSID from a

managed AP

Select

Enabled

to check whether a known managed AP is sending an unexpected

SSID. The SSID reported in the RF Scan is compared to the list of all configured

SSIDs that are used by the profile assigned to the managed AP. If the detected SSID

doesn't match any configured SSID then the AP is marked as rogue.