Viewing Ignored Rogue Devices; Using Rapids Workflow To Process Rogue Devices; Score Override - Dell PowerConnect W-AirWave 7.6 User Manual

3. Select the Delete button if the rogue device is to be removed from AirWave processing.

Viewing Ignored Rogue Devices

The RAPIDS > List page allows you to view ignored rogues—devices that have been removed from the rogue count
displayed by AirWave. Such devices do not trigger alerts and do not display on lists of rogue devices. To display
ignored rogue devices, select View Ignored Rogues at the bottom left of the page.
Once a classification that has rogue devices is chosen from the drop-down menu, a detailed table displays all known
information.

Using RAPIDS Workflow to Process Rogue Devices

One suggested workflow for using RAPIDS is as follows:
Start from the RAPIDS > List page. Sort the devices on this page based on classification type. Begin with Rogue
l
APs, working your way through the devices listed.
Select Modify Devices, then select all devices that have an IP address and select Identify OS. AirWave performs
l
a port scan on the device and attempts to determine the operating system. (See
171.)
You should investigate devices running an embedded Linux OS installation. The OS scan can help identify false
positives and isolate some devices that should receive the most attention.
Find the port and switch at which the device is located and shut down the port or follow wiring to the device.
l
To manage the rogue, remove it from the network and acknowledge the rogue record. If you want to allow it on
l
the network, classify the device as valid and update with notes that describe it.
NOTE: Not all rogue discovery methods will have all information required for resolution. For example, the switch/router information,
port, or IP address are found only through switch or router polling. Furthermore, RSSI, signal, channel, SSID, WEP, or network type
information only appear through wireless scanning. Such information can vary according to the device type that performs the scan.

Score Override

On the RAPIDS > Score Override page you can change the OUI scores that are given to MAC addresses detected
during scans of bridge forwarding tables on routers or switches.
describe RAPIDS Score Override. Perform these steps to create a score override.
Once a new score is assigned, all devices with the specified MAC address prefix receive the new score.
NOTE: Note that rescoring a MAC Address Prefix poses a security risk. The block has received its score for a reason. Any devices that
fall within this block receive the new score.
1. Navigate to the RAPIDS > Score Override page. This page lists all existing overrides if they have been created.
Dell PowerConnect W-AirWave 7.6 | User Guide
"Setting Up RAPIDS" on page
Figure 123, Figure 124, and
Using RAPIDS and Rogue Classification | 183
Table 101 illustrate and