Viewing Ignored Rogue Devices; Using Rapids Workflow To Process Rogue Devices; Score Override - Dell PowerConnect W-Airwave User Manual

Viewing Ignored Rogue Devices

The RAPIDS > List page allows you to view ignored rogues—devices that have been removed from the rogue
count displayed by AMP. Such devices do not trigger alerts and do not display on lists of rogue devices. To display
ignored rogue devices, select View Ignored Rogues at the bottom left of the page.
Once a classification that has rogue devices is chosen from the drop-down menu, a detailed table displays all
known information.

Using RAPIDS Workflow to Process Rogue Devices

One suggested workflow for using RAPIDS is as follows:
Start from the RAPIDS > List page. Sort the devices on this page based on classification type. Begin with

Rogue APs, working your way through the devices listed.
Select Modify Devices, then select all devices that have an IP address and select Identify OS. AMP performs

a port scan on the device and attempts to determine the operating system (see
page 165).
You should investigate devices running an embedded Linux OS installation. The OS scan can help identify
false positives and isolate some devices that should receive the most attention.
Find the port and switch at which the device is located and shut down the port or follow wiring to the device.

To manage the rogue, remove it from the network and acknowledge the rogue record. If you want to allow it

on the network, classify the device as valid and update with notes that describe it.
NOTE: Not all rogue discovery methods will have all information required for resolution. For example, the switch/router
information, port, or IP address are found only through switch or router polling. Furthermore, RSSI, signal, channel, SSID, WEP, or
network type information only appear through wireless scanning. Such information can vary according to the device type that
performs the scan.

Score Override

On RAPIDS > Score Override page you can change the OUI scores that are given to MAC addresses detected
during scans of bridge forwarding tables on routers or switches.
and describe RAPIDS Score Override. Perform these steps to create a score override.
Once a new score is assigned, all devices with the specified MAC address prefix receive the new score.
NOTE: Rescoring a MAC Address Prefix poses a security risk. The block has received its score for a reason. Any devices that fall
within this block receive the new score.
1. Navigate to the RAPIDS > Score Override page. This page lists all existing overrides if they have been
created.
Figure 123 RAPIDS > Score Override Page
176 | Using RAPIDS and Rogue Classification
"Setting Up RAPIDS" on
Figure 123, Figure 124, and
Dell PowerConnect W-AirWave | Version 7.3
Table 101 illustrate