Security And Client Oui Reports; Use The Fault Management System To Locate A Rogue - Nortel 2350 User Manual

192 Managing Alarms

Security and Client OUI Reports

Security reports list DoS and IDS alarms, and Client OUI reports list alarms according to the Organizationally Unique
Identifier of the client for which the alarms were generated. The procedure for generating both types of reports is the
same.
To generate a Security or Client OUI report
1
Select the Reports option in the main WMS tool bar.
2
Select Alarm Reports in the Report Category column.
3
Select the Report type from the Reports list.
4
If necessary, browse to the desired output directory in the Output Directory box. Navigate to the desired
location and click Select.
5
Click Generate in the bottom right corner.
6
After generating the report, click the blue hyperlink in the Results box to view the report. WMS opens the
report in a new window and saves it at the previously selected location.
7
Click Close in the bottom right corner of the Report dialog box.

Use the Fault Management System to Locate a Rogue

This section provides an example of how you can use the Fault Management system to locate rogue devices on your
network, then configure WSS Software to use countermeasures against them.
AP radios automatically scan the RF spectrum for other devices transmitting in the same spectrum. The RF scans
discover third-party transmitters in addition to other Nortel radios. WSS Software considers the non-Nortel transmitters
to be devices of interest, which are potential rogues.
A rogue access point is an access point that is not authorized to operate in your network. Rogue access points and their
clients undermine the security of an enterprise network by potentially allowing unchallenged access to the network by
any wireless user or client in the physical vicinity. Rogue access points and users can also interfere with the operation of
your enterprise network. You can configure WMS to automatically use countermeasures against rogue APs to disable
them.
Not all access points placed on the rogue list are "hostile" rogues. You may want to move some of the access points from
the rogue list to a known devices list or a third-party AP list. For more information about this topic as well as more
detailed information about combatting rogues, see the chapter "Detecting and Combatting Rogue Devices" in the
WLAN Management Software 2300 Series Reference Guide.
To locate a rogue
1
Click on the Alarms option in the main WLAN Management Software tool bar. A list of alarms is
displayed.
2
Filter the alarm list so that only alarms related to rogue devices are displayed.
To do this, adjust the selection criteria on the fault dashboard. In the example below, the alarms are
filtered so that only alarms from the WSS AlphaWSS1-(2380) that contain "rogue" in the Description
field are displayed.
NN47250-101 (320665-G Version 02.01)
Nortel