Table of Contents
Advertisement
Chapter 1: An Overview of the BlueSecure Controller
BSAPs are simple to configure ("zero touch") and require only minimal provisioning to
make them fully operational on a WLAN secured and managed by a BlueSecure
Controller.
BSAPs can be directly attached to any existing Layer-2 or Layer-3 Ethernet switch and
communicate with the BSC across any subnet boundary. Once the BSAP has discovered
and established Layer-2 or Layer-3 communication with its home (i.e., host) BlueSecure
Controller, advanced configuration and provisioning may be applied either to individual
BSAPs or globally across the entire WLAN using the BSC's web-based Administrator
Console.
Additionally, BlueSecure Access Points provide client load balancing, call admission
control, "over the air" QoS, and fast roaming (802.11i key caching) to ensure the WLAN
will support low latency applications such as VoIP.
You can configure BSAPs to function as access points or RF sensors. The BSC manages
and configures BSAPs operating in AP-only mode, dual mode (AP and/sensor mode), or
sensor-only mode, and uses BSAPs operating in sensor mode to perform RF intrusion
detection as described in"RF Intrusion Detection/RF Containment" on page 1-4.
RF Management
To overcome the various sources of RF noise and interference, and user loads that can
impede the performance of access points on your WLAN, the BSC incorporates
"DynamicRF™" functionality for use with BlueSecure Access Points.
Using its DynamicRF functionality, the BSC adjusts the radio channel and power settings
of BSAPs under its control, whenever the BSC detects any non-optimal environmental
conditions such as:
•
general interference or noise
•
co-channel interference introduced by a neighboring AP
•
loss of connectivity to a BSAP
•
poor wireless client characteristics (low RSSIs, multiple failures or retries, etc.)
•
high user load
You can enable the DynamicRF functionality on a global basis for all BlueSecure Access
Points connected to a BSC or you can selectively enable/disable DynamicRF on a per-
BSAP basis.
RF Intrusion Detection/RF Containment
The BSC detects and protects against rogue devices, ad-hoc networks, and a large
number of WLAN Denial of Service (DoS) and spoofing attacks.
The BSC provides RF intrusion detection by analyzing the data collected from its BSAPs
operating in dual AP/sensor mode or sensor-only mode to detect attacks, vulnerabilities,
and rogue devices in the RF space.
Should a rogue AP or client be discovered, the BSC configures the BSAP nearest the
rogue device to initiate containment using 802.11 de-authentication and/or
disassociation messages. Up to five BSAPs can participate in the containment if range
permits. The BSAPs participating in the rogue containment remain online for wireless
access during the containment period.
All RF IDS alarms issued by a BSAP automatically generate a corresponding SNMP trap
message and syslog message.
1-4
Advertisement
Table of Contents
