Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 88

Table 34 Profiles > IDS > Unauthorized Devices Profile Settings (Continued) Field Default Description Overlay Rogue AP Yes Set Overlay Rogue Classification, which is classification through valid/rogue APs. A Classification controller uses the wired-mac table of other valid and rogue APs as equivalents of the wired MACs that it sees on our network. When this match is triggered, it makes a note of the AP that helped in this process, and this info will be displayed as the Helper-AP. Valid Wired MACs Blank Text Set a list of MAC addresses of wired devices in the network, typically gateways or Field servers. Rogue Containment No By default, rogue APs are only detected but are not automatically disabled. This option automatically shuts down rogue APs. When this option is enabled, clients attempting to associate to a rogue AP will be disconnected from the rogue AP through a denial of service attack. Allow Well Known MAC Allow devices with known MAC addresses to classify rogues APs. Depending on your network, configure one or more of the following options for classifying rogue APs:  hsrp-Routers configured for HSRP, a Cisco-proprietary redundancy protocol, with the HSRP MAC OUI 00:00:0c.  iana-Routers using the IANA MAC OUI 00:00:5e.  local-mac-Devices with locally administered MAC addresses starting with 02.  vmware-Devices with any of the following VMWare OUIs: 00:0c:29, 00:05:69, or 00:50:56  vmware1-Devices with VMWare OUI 00:0c:29.  vmware2-Devices with VMWare OUI 00:05:69.  vmware3-Devices with VMWare OUI 00:50:56. If you modify an existing configuration, the new configuration overrides the original configuration. For example, if you configure allow-well-known-mac hsrp and then configure allow-well-known-mac iana, the original configuration is lost. Suspected Rogue No Use this setting to treat suspected rogue APs as interfering APs; thereby the controller Containment attempts to reclassify them as rogue APs. By default, suspected rogue APs are not automatically contained. In combination with the suspected rogue containment confidence level, this option automatically shuts down suspected rogue APs. When this option is enabled, clients attempting to associate to a suspected rogue AP will be disconnected from the suspected rogue AP through a denial of service attack. Suspected Rogue 60 Containment Confidence Level (50-100) Set the confidence level. When an AP is classified as a suspected rogue AP, it is assigned a 50% confidence level. If multiple APs trigger the same events that classify the AP as a suspected rogue, the confidence level increases by 5% up to 95%. In combination with suspected rogue containment, this option configures the threshold by which containment should occur. Suspected rogue containment occurs only when the configured confidence level is met. Protect Valid Stations No Use this setting to disallow valid stations from connecting to a non-valid AP. Detect Bad WEP No Enable or disable detection of WEP initialization vectors that are known to be weak. A primary means of cracking WEP keys is to capture 802.11 frames over an extended period of time and searching for such weak implementations that are still used by many legacy devices. Detect Misconfigured AP No Enable or disable detection of misconfigured APs. An AP is classified as misconfigured if it does not meet any of the following configurable parameters:  Valid channels  Encryption type  Short preamble  List of valid AP MAC OUIs  Valid SSID list 88 | Dell PowerConnect W Configuration Reference Dell PowerConnect W AirWave 7.2 | Configuration Guide