Manage Rogue Access Points - NETGEAR ProSafe WC7520 Reference Manual

20-ap wireless controller

Hide thumbs Also See for ProSafe WC7520:

Reference manual (162 pages)

Datasheet (6 pages)

Installation manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

Table of Contents

•

Basic security settings. You can apply the following security settings to any profile,

whether in the basic profile group or in an advanced profile group:

Basic MAC authentication (the MAC ACL group that is called basic)

Basic authentication server (the RADIUS server that is called basic-Auth or the LDAP

server that is called basic-LDAP)

•

Advanced security settings. You can apply the following security settings to any profile,

whether in the basic profile group or in an advanced profile group:

Advanced MAC authentication (the MAC ACLs that are, by default, called, Acl-1,

Acl-2, Acl-3, and so on; you can change these default names)

Advanced authentication server (the RADIUS servers that are, by default, called

Auth-1, Auth-2, Auth-3, and so on; you can change these default names)

•

Global security settings. The following security settings apply to all profiles, whether in

the basic profile group or in any of the advanced profile groups:

Basic rogue AP detection

Advanced rogue AP detection

Manage Rogue Access Points

Rogue access point detection is disabled by default on the wireless controller. If you want to

detect rogue access points, you need to enable rogue access point detection and specify

how aggressively access points should scan for rogue access points. Scanning affects the

service availability of the access point. If rogue access point detection is set up as

aggressive, the access point scans often, at which time it is unavailable for clients to

associate to it.

An access point is defined as rogue if:

•

The access point's radio basic service set identifier (BSSID) is observed by any of the

managed access points.

•

The access point is seen transmitting on the Ethernet side on the same Layer 2 as the

managed access points.

•

At least one client is connected to the access point.

Any unmanaged access point not meeting all these conditions is classified as a neighbor.

The access points transmit broadcast frames on the Ethernet during the time access point

radios are off-channel (and scanning).

Note:

For the triangulation of the rogue access points to work, ensure that

the access points are positioned correctly in the floor plan. See

and Manage Heat Maps for Deployed Plans

ProSafe 20-AP Wireless Controller WC7520

Configuring Network Access and Security

107

View

on page 46.

Table of Contents

Manage Rogue Access Points - NETGEAR ProSafe WC7520 Reference Manual

Manage Rogue Access Points

Related Manuals for NETGEAR ProSafe WC7520

Related Content for NETGEAR ProSafe WC7520

Table of Contents