Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.4-3.1.0.0 User Guide - Page 165

Intrusion Detection System, Rogue AP Detection and Classification, Wireless Intrusion Protection (WIP)

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 165 highlights

Chapter 18 Intrusion Detection System Intrusion Detection System (IDS) is a feature that monitors the network for the presence of unauthorized IAPs and clients. It also logs information about the unauthorized IAPs and clients, and generates reports based on the logged information. Rogue AP Detection and Classification The most important IDS functionality offered in the Dell Instant network is the ability to detect rogue APs, interfering APs, and other devices that can potentially disrupt network operations. An AP is considered to be a rogue AP if it is both unauthorized and plugged into the wired side of the network. An AP is considered to be an interfering AP if it is seen in the RF environment but is not connected to the wired network. While the interfering AP can potentially cause RF interference, it is not considered a direct security threat since it is not connected to the wired network. However, an interfering AP may be reclassified as a rogue AP. Navigate to IDS in the Instant UI and click the IDS link. The built-in IDS scans for access points that are not controller by this Virtual Controller. These are listed below and classified as either Interfering or Rogue, depending on whether they are on a foreign network or your network. Figure 138 Intrusion Detection Wireless Intrusion Protection (WIP) WIP offers a wide selection of intrusion detection and protection features to protect the network against wireless threats. Like most other security-related features of the Dell network, the WIP configuration can be done on the IAP. An administrator can configure the following five main options:  Infrastructure Detection Policies- Specifies which wireless attacks on access points to detect  Client Detection Policies- Specifies which wireless attacks on clients to detect  Infrastructure Protection Policies- Specifies which wireless attacks on access points to protect against  Client Protection Policies- Specifies which wireless attacks on clients to protect against  Containment Methods- To prevent unauthorized stations from connecting to your Instant network. In each of these options there are several default levels that enable different sets of policies. An administrator can customize (enable/disable) these options accordingly. Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User Guide Intrusion Detection System | 165

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0	1
Contents	3
About this Guide	11
Dell PowerConnect W-Instant Access Point Overview	11
Supported Devices	11
Objective	11
Intended Audience	11
Conventions	12
Contacting Support	12
Initial Configuration	13
Initial Setup	13
Pre-Installation Checklist	13
Connecting the IAP to a Power Source	14
Assigning an IP Address to the IAP	14
Connecting to a Provisioning Wi-Fi Network	14
Disabling the Provisioning Wi-Fi Network	15
Login into Instant User Interface	16
Specifying the Country Code	16
IAP Cluster	17
Instant User Interface	19
Understanding the Instant UI Layout	19
Banner	20
Search	20
Tabs	20
Networks Tab	20
Access Points Tab	21
Clients Tab	21
Links	22
New Version Available	22
Settings	23
RF	25
PEF	26
WIP	27
VPN	27
Wired	28
Maintenance	28
Support	30
Help	33
Logout	33
Monitoring	33
Spectrum	36
Alerts	38
IDS	40
Configuration	41
Language	41
Dell PowerConnect W-AirWave Setup	41
Pause/Resume	42
Views	42
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	51
Adding a Voice Network	52
Guest Network	58
Adding a Guest Network	59
Editing a Network	65
Deleting a Network	65
Number of WLAN SSIDs supported	65
Enabling the Extended SSID option	66
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
Terminal Access	72
LED Display	73
TFTP Dump Server	74
Extended SSID	75
Deny Inter User Bridging and Deny Local Routing	76
Terminal Access	77
Syslog Server	78
Syslog Facility Levels	78
Adding an IAP to the Network	79
Removing an IAP from the Network	79
Editing IAP Settings	80
Changing IAP Name	80
Changing IP Address of the IAP	80
Configuring Adaptive Radio Management	81
Configuring Uplink Management VLAN	82
Configuring Wired Bridging on Ethernet 0	82
Migrating to a Mobility Controller Managed Network	83
Converting an IAP to RAP Mode	83
Converting an IAP to CAP	86
Converting an IAP to Standalone Mode	86
Converting back to an IAP	87
Rebooting the IAP	87
Firmware Image Server in Cloud Network	89
Upgrade using Dell PowerConnect W-AirWave and Image Server	89
Image management using Cloud Server	89
Image management using Dell PowerConnect W-AirWave	89
Automatic Firmware Image Check and Upgrade	89
Upgrading to New Version	90
Manual	90
Automatic	92
Layer-3 Mobility	93
Overview	93
Configuring a mobility domain	94
Home Agent Load Balancing	96
Spectrum Monitor	97
Creating Spectrum Monitors and Hybrid APs	97
Converting IAPs into Hybrid IAPs	97
Converting an IAP to a Spectrum Monitor	98
Spectrum Data	100
Overview - Device List	100
Non-WiFi Interferers	101
Channel Metrics	102
Channel Details	103
Spectrum Alerts	103
NTP Server	105
Configuring an NTP Server	105
Virtual Controller	107
Master Election Protocol	107
Virtual Controller IP Address	107
Specifying Name and IP Address for the Virtual Controller	107
Configuring the DHCP Server	108
Authentication	109
Authentication Methods in Dell Instant	109
802.1X Authentication	109
Internal RADIUS Server	109
External RADIUS Server	110
Authentication Terminated on IAP	110
Configuring an External RADIUS Server	110
Enabling Instant RADIUS	112
RADIUS Server Authentication with VSA	113
List of supported VSA	113
Management Authentication Settings	116
Captive Portal	116
Internal Captive Portal	117
Configuring Internal Captive Portal Authentication when Adding a Guest Network	117
Configuring Internal Captive Portal Authentication when Editing a Guest Network	118
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	119
Customizing a Splash Page	120
Disabling Captive Portal Authentication	121
External Captive Portal	122
Configuring External Captive Portal Authentication when Adding a Guest Network	122
Configuring External Captive Portal Authentication when Editing a Guest Network	124
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	126
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	126
Configuring the RADIUS Server in Instant	126
MAC Authentication	127
Configuring MAC Authentication	127
Walled Garden Access	128
Creating a Walled Garden Access	128
Wired Authentication on an IAP	129
Certificates	129
Loading Certificates using Instant WebUI	130
Loading Certificates using Dell PowrConnect W-AirWave	131
Encryption	135
Encryption Types Supported in Dell Instant	135
WEP	135
TKIP	135
AES	135
Encryption Recommendations	135
Understanding WPA and WPA2	136
Recommended Authentication and Encryption Combinations	136
Role Derivation	137
User Roles	137
Creating a New User Role	137
Creating Role Assignment Rules	138
DHCP Option and DHCP Fingerprinting	139
802.1X-Authentication-Type	140
User VLAN Derivation	141
User VLAN Derivation	141
Vendor Specific Attributes (VSA)	141
VLAN Derivation Rule	142
Configuring VLAN Derivation Rules on an IAP	142
User Role	143
Configuring a User Role	143
SSID Profile	145
Configuring VLAN Derivation Rules Using SSID Profile	145
Instant Firewall	147
Service Options	148
Destination Options	149
Examples for Access Rules	150
Allow TCP Service to a Particular Network	150
Allow POP3 Service to a Particular Server	151
Deny FTP Service except to a Particular Server	152
Deny bootp Service except to a Particular Network	153
Content Filtering	155
Enabling Content Filtering	155
Enterprise Domains	156
OS Fingerprinting	157
Adaptive Radio Management	159
ARM Features	159
Channel or Power Assignment	159
Voice Aware Scanning	159
Load Aware Scanning	159
Band Steering Mode	159
Airtime Fairness Mode	160
Airtime Fairness Modes	160
Access Point Control	160
Customize Valid Channels	160
Min Transmit Power	161
Max Transmit Power	161
Client Aware	161
Scanning	161
Wide Channel Bands	161
Monitoring the Network with ARM	161
ARM Metrics	161
Configuring Administrator Assigned Radio Settings for IAP	162
Configuring Radio Profiles in Instant	163
Intrusion Detection System	165
Rogue AP Detection and Classification	165
Wireless Intrusion Protection (WIP)	165
Containment Methods	169
SNMP	171
SNMP Parameters for IAP	171
SNMP Traps	173
Hierarchical Deployment	175
Deployment	175
Ethernet Downlink	177
Ethernet Downlink Overview	177
Ethernet Downlink Profile Parameters	177
Assigning a Profile to the Ethernet Port	180
Uplink Configuration	181
Uplink Configuration Overview	181
Ethernet Uplink	181
3G/4G Uplink	182
Types of Modems	182
Uplink Switchover	186
Uplink Switching based on VPN Status	186
Uplink Preemption	186
Uplink Preference	186
PPPoE	187
Configuring PPPoE	187
Dell PowerConnect W-AirWave Integration and Management	189
Dell PowerConnect W-AirWave Features	189
Image Management	189
IAP and Client Monitoring	189
Template-based Configuration	190
Trending Reports	190
Intrusion Detection System	190
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	190
RF Visualization Support for Dell Instant	191
Configuring Dell PowerConnect W-AirWave	191
Creating your Organization String	191
About Shared Key	192
Entering the Organization String and AMP Information into the IAP	192
Dell PowerConnect W-AirWave Discovery through DHCP Option	192
Standard DHCP option 60 and 43 on Windows Server 2008	192
Alternate method for defining Vendor Specific DHCP options	195
Monitoring	199
Virtual Controller View	199
Monitoring Link	200
Info	200
RF Dashboard	200
Usage Trends	200
Client Alerts Link	202
IDS Link	202
Network View	202
Info	203
Usage Trends	203
Instant Access Point View	204
Info	205
RF Dashboard	205
Overview	205
Client View	212
Info	213
RF Dashboard	213
RF Trends	213
Mobility Trail	216
Alert Types and Management	217
Alert Types	217
Policy Enforcement Firewall	219
Authentication Servers	219
Users for Internal Server	220
Roles	220
Extended Voice and Video Functionalities	221
QoS for Microsoft Office OCS and Apple Facetime	221
Client Blacklisting	223
Types of Client Blacklisting	224
Manual Blacklisting	224
Adding a Client to the Manual Blacklist	224
Dynamic Blacklisting	225
Authentication Failure Blacklisting	225
Session Firewall Based Blacklisting	225
PEF Settings	225
Firewall ALG Configuration	225
Firewall-based Logging	226
VPN Configuration	227
VPN Configuration	227
Routing Profile Configuration	228
DHCP Server Configuration	229
NAT DHCP Configuration	229
Distributed L2 DHCP Configuration	230
Distributed L3 DHCP Configuration	231
Centralized L2 DHCP Configuration	232
User Database	235
Adding a User	235
Editing User Settings	236
Deleting a User	236
Regulatory Domain	237
Country Codes List	238
Controller Configuration for VPN	241
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	241
VPN Local Pool Configuration	242
IAP VPN Profile Configuration	242
Abbreviations	245

Match case Limit results 1 per page

Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0

User Guide

Intrusion Detection System

165

Chapter 18

Intrusion Detection System

Intrusion Detection System (IDS) is a feature that monitors the network for the presence of unauthorized IAPs

and clients. It also logs information about the unauthorized IAPs and clients, and generates reports based on the

logged information.

Rogue AP Detection and Classification

The most important IDS functionality offered in the Dell Instant network is the ability to detect rogue APs,

interfering APs, and other devices that can potentially disrupt network operations. An AP is considered to be a

rogue AP if it is both unauthorized and plugged into the wired side of the network. An AP is considered to be an

interfering AP if it is seen in the RF environment but is not connected to the wired network. While the

interfering AP can potentially cause RF interference, it is not considered a direct security threat since it is not

connected to the wired network. However, an interfering AP may be reclassified as a rogue AP.

Navigate to

IDS

in the Instant UI and click the

IDS

link. The built-in IDS scans for access points that are not

controller by this Virtual Controller. These are listed below and classified as either Interfering or Rogue,

depending on whether they are on a foreign network or your network.

Figure 138

Intrusion Detection

Wireless Intrusion Protection (WIP)

WIP offers a wide selection of intrusion detection and protection features to protect the network against wireless

threats. Like most other security-related features of the Dell network, the WIP configuration can be done on the

IAP.

An administrator can configure the following five main options:



Infrastructure Detection Policies— Specifies which wireless attacks on access points to detect



Client Detection Policies— Specifies which wireless attacks on clients to detect



Infrastructure Protection Policies— Specifies which wireless attacks on access points to protect against



Client Protection Policies— Specifies which wireless attacks on clients to protect against



Containment Methods— To prevent unauthorized stations from connecting to your Instant network.

In each of these options there are several default levels that enable different sets of policies. An administrator can

customize (enable/disable) these options accordingly.