Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 87

Unauthorized Device, Profiles > IDS > Unauthorized Devices, Dell PowerConnect W Navigation,

Get Dell PowerConnect W-Airwave PDF manuals and user guides View all Dell PowerConnect W-Airwave manuals
Add to My Manuals
Save this manual to your list of manuals

Page 87 highlights

interference, it is not considered a direct security threat since it is not connected to the wired network. However, an interfering AP may be reclassified as a rogue AP. NOTE: Rogue device classification for WMS Offload infrastructure is also described in the Dell PowerConnect W AirWave 7.2 User Guide in Home > Documentation. You can enable a policy to automatically disable APs that are classified as a rogue APs by the Dell PowerConnect W system. When a rogue AP is disabled, no wireless stations are allowed to associate to that AP. Perform these steps to create IDS Unauthorized Device profiles. 1. Select Profiles > IDS > Unauthorized Devices in the Dell PowerConnect W Navigation pane. 2. Select the Add button to create a new Unauthorized Devices profile, or click the pencil icon next to an existing profile to edit. The Details page appears. Complete the settings as described in Table 34: Table 34 Profiles > IDS > Unauthorized Devices Profile Settings Field Default Description General Settings Folder Top Name Blank Other Settings Detect Adhoc Networks Yes Protect from Adhoc No Networks Detect Windows Bridge Yes Detect Wireless Bridge Yes Detect Devices with An No Invalid MAC OUI MAC OUI Detection Quiet 900 Time (60-360000 sec) Adhoc Network 900 Detection Quiet Time (60-360000 sec) Wireless Bridge 900 Detection Quiet Time (60-360000 sec) Rogue AP Classification Yes Set the folder with which the profile is associated. The drop-down menu displays all folders available for association with the profile. Enter the name of the profile. Enable or disable detection of adhoc networks. Enable or disable protection from adhoc networks. When adhoc networks are detected, they are disabled using a denial of service attack. Enable or disable detection of Windows station bridging. Enable or disable detection of wireless bridging. Enable or disable the checking of the first three bytes of a MAC address, known as the MAC organizationally unique identifier (OUI), assigned by the IEEE to known manufacturers. Often clients using a spoofed MAC address do not use a valid OUI and instead use a randomly generated MAC address. Enabling MAC OUI checking causes an alarm to be triggered if an unrecognized MAC address is in use. Set the time, in seconds, that must elapse after an invalid MAC OUI alarm has been triggered before another identical alarm may be triggered. Set the time, in seconds, that must elapse after an adhoc network detection alarm has been triggered before another identical alarm may be triggered. Set the time, in seconds, that must elapse after a wired bridging alarm has been triggered before another identical alarm may be triggered. Enable or disable rogue AP classification. A rogue AP is one that is unauthorized and plugged into the wired side of the network. Any other AP seen in the RF environment that is not part of the valid enterprise network is considered to be "interfering" - it has the potential to cause RF interference but it is not connected to the wired network and thus does not represent a direct threat. Dell PowerConnect W AirWave 7.2 | Configuration Guide Dell PowerConnect W Configuration Reference | 87

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
Dell PowerConnect W AirWave 7.2
| Configuration Guide
Dell PowerConnect W Configuration Reference
|
87
interference, it is not considered a direct security threat since it is not connected to the wired network. However,
an interfering AP may be reclassified as a rogue AP.
You can enable a policy to automatically disable APs that are classified as a rogue APs by the Dell PowerConnect
W system. When a rogue AP is disabled, no wireless stations are allowed to associate to that AP.
Perform these steps to create IDS
Unauthorized Device
profiles.
1.
Select
Profiles > IDS > Unauthorized Devices
in the
Dell PowerConnect W Navigation
pane.
2.
Select the
Add
button to create a new
Unauthorized Devices
profile
,
or click the
pencil
icon next to an
existing profile to edit. The
Details
page appears. Complete the settings as described in
Table 34
:
NOTE:
Rogue device classification for WMS Offload infrastructure is also described in the
Dell PowerConnect W AirWave 7.2
User Guide
in
Home > Documentation.
Table 34
Profiles > IDS > Unauthorized Devices Profile Settings
Field
Default
Description
General Settings
Folder
Top
Set the folder with which the profile is associated. The drop-down menu displays all
folders available for association with the profile.
Name
Blank
Enter the name of the profile.
Other Settings
Detect Adhoc Networks
Yes
Enable or disable detection of adhoc networks.
Protect from Adhoc
Networks
No
Enable or disable protection from adhoc networks. When adhoc networks are detected,
they are disabled using a denial of service attack.
Detect Windows Bridge
Yes
Enable or disable detection of Windows station bridging.
Detect Wireless Bridge
Yes
Enable or disable detection of wireless bridging.
Detect Devices with An
Invalid MAC OUI
No
Enable or disable the checking of the first three bytes of a MAC address, known as the
MAC organizationally unique identifier (OUI), assigned by the IEEE to known
manufacturers. Often clients using a spoofed MAC address do not use a valid OUI and
instead use a randomly generated MAC address. Enabling MAC OUI checking causes
an alarm to be triggered if an unrecognized MAC address is in use.
MAC OUI Detection Quiet
Time
(60-360000 sec)
900
Set the time, in seconds, that must elapse after an invalid MAC OUI alarm has been
triggered before another identical alarm may be triggered.
Adhoc Network
Detection Quiet Time
(60-360000 sec)
900
Set the time, in seconds, that must elapse after an adhoc network detection alarm has
been triggered before another identical alarm may be triggered.
Wireless Bridge
Detection Quiet Time
(60-360000 sec)
900
Set the time, in seconds, that must elapse after a wired bridging alarm has been
triggered before another identical alarm may be triggered.
Rogue AP Classification
Yes
Enable or disable rogue AP classification. A rogue AP is one that is unauthorized and
plugged into the wired side of the network. Any other AP seen in the RF environment
that is not part of the valid enterprise network is considered to be “interfering” — it has
the potential to cause RF interference but it is not connected to the wired network and
thus does not represent a direct threat.