Rogue Detection Lists - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

In addition, you can optionally configure MSS to issue on-demand countermeasures. On-demand
countermeasures are those launched against devices that you have manually specified in the switch's
attack list. When you enable on-demand countermeasures, MSS issues them only against the devices
that have been manually specified in the attack list, not to other devices determined to be rogues for
other reasons, such as policy violations.
When MSS directs an AP radio to issue countermeasures against a rogue, MSS changes the channel
on the radio to the channel on which the rogue traffic is detected. The radio remains on that channel as
long as the radio is issuing countermeasures against the rogue, even if RF Auto-Tuning is enabled.
Rogue detection lists specify the third-party devices and SSIDs that MSS allows on the network, and
the devices MSS classifies as rogues. You can configure the following rogue detection lists:
• Permitted SSID list—A list of SSIDs allowed in the network. MSS generates a message if
an SSID that is not on the list is detected.
• Permitted vendor list—A list of the wireless networking equipment vendors whose
equipment is allowed on the network. The vendor of a piece of equipment is identified by
the Organizationally Unique Identifier (OUI), which is the first three bytes of the equipment's
MAC address. MSS generates a message if an AP or wireless client with an OUI that is not
on the list is detected.
• Client black list—A list of MAC addresses of wireless clients who are not allowed on the
network. MSS prevents clients on the list from accessing the network through a switch. If the
client is placed on the black list dynamically by MSS due to an association, reassociation
or disassociation flood, MSS generates a log message.
• Ignore list—A list of third-party devices that you want to exempt from rogue detection. MSS
does not count devices on the ignore list as rogues or interfering devices, and does not
issue countermeasures against them.
An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs or vendors. However,
when you add an entry to the SSID or vendor list, all SSIDs or vendors that are not in the list are
implicitly disallowed. An empty client black list implicitly allows all clients, and an empty ignore list
implicitly considers all third-party wireless devices to be potential rogues.
All the lists except the black list require manual configuration. You can configure entries in the black list
and MSS also can place a client in the black list due to an association, reassociation or disassociation
flood from the client.
The rogue classification algorithm examines each of these lists when determining whether a device is
a rogue.
D-Link DWS-1008 User Manual

Rogue Detection Lists

8