User's Guide

ManualsBrandsExtreme Networks ManualsComputers & AccessoriesWireless Security

911

912

913

914

915

916

917

918

919

920

Table Of Contents

Table of Contents
Preface
- Conventions
  - Text Conventions
  - Terminology
- Providing Feedback
- Getting Help
- Documentation and Training
Introduction
- Scope of Documentation
Extreme AirDefense New User Experience
- Login to ADSP
  - Logout of AirDefense
- Download ADSP Toolkit
  - Download Toolkit from New User Interface
- Launch the Old User Interface
Dashboard
- View Dashboard
  - Set a Favorite Dashboard
- Create a Dashboard
- Manage Your Dashboard
- Delete the Dashboard
- Dashboard Widgets
Network View
- Network View - Network Snapshot
- Network Pane - Details View
Alarm View
- Object Missing
- Alarms - Details View
- Alarms Widget View
- Alarm Details List
Configuration
- Appliance Management
  - Appliance Settings
  - Backup / Restore Status
  - Certificate / Key Validation
    - Certificate Validation
    - Key Validation
  - Certificate Manager
  - Configuration Backup
  - Configuration Clear
  - Configuration Restore
  - Download Logs
    - Forensic and Log Backup
  - Language
  - Login / SSH Banners
  - Redundant Appliance Sync
- Structure Configuration
  - View And Manage Your Network Tree
  - Generate a Network Tree
  - Import the Network Tree
  - Floor Plans
- Auto-Placement Rules
  - View Auto-Placement Rules
  - Add an Auto-Placement Rule
  - Edit an Auto-Placement Rule
- Discovery Profile and Polling Configuration
  - Discovery Profile
  - Polling Configuration
    - Edit Polling Preferences
- Communication Profile
  - View Communication Profiles
  - Add a Communication Profile
  - Edit the Communication Profile
  - Delete Communication Profiles
- Security Profile
  - View Security Profile
  - Add a Security Profile
  - Edit a Security Profile
  - Delete a Security Profile
- Alarm Action Manager
  - View Alarm Action Manager Rule Set
  - Add Alarm Action Manager Rule Set
  - Edit Alarm Action Manager Rule Set
  - Delete Alarm Action Manager Rule Set
- Device Action Manager
  - View Device Action Manager Rule Set
  - Add a Device Action Manager Rule Set
  - Apply or Run the Device Action Manager Rule Sets
    - Apply Device Action Manager Rule Sets
    - Run Device Action Manager Rule Sets Manually
- Sensor Manager
  - Operation Tab
  - Settings Tab
- Alarm Configuration
- Wired Network Monitoring
- Performance Profile
  - View Performance Profile
  - Add Performance Profile
  - Apply Performance Profile
- Environment Monitoring
- Client Types
  - Manage Client Types
- Appliance Settings
- Device Age Out
- Configuration Backup
  - How Backups Work
  - View Backup Schedules
  - Scheduling Configuration Backup
- Forensic and Log Backup
  - Forensic Backup Configuration
  - Log Backup Configuration
- Configuration Restore
- Download Logs
  - Forensic and Log Backup
- Redundant Appliance Synchronization
  - How Synchronization Works
  - Synchronization Rules
  - _
  - Automatic Synchronization
  - Appliance Replacement Considerations
- Configuration Clear
- Language Settings
  - Change the Language
- License Management
  - Auto License Management
  - Add Licenses
  - Manage License Manually
- User Management
  - Manage User Accounts
  - User Group Management
  - User Profile Management
- Relay Server
  - Configure External Relay Server
  - Import Relay Servers
  - Internal Relay Server
- System Settings
  - Add System Log Server IP Address
System Overview
- AirDefense in Standalone Mode
- System Components
- System Requirements
- Version Compatibility for Upgrade
- Connecting to Hardware Appliance
- Configuring the Appliance
  - Add-On Modules
  - Hardware Dependencies
- System Configuration
- Selecting and Deploying APs and Sensors
- Connecting to the Network
- Assigning User Interfaces
- Basic Navigation
- Alarm Time Reporting
Extreme AirDefense on Virtual Platform
- Prerequisites
- Installing Extreme AirDefense 10.0 on VMware
- Install Extreme AirDefense on Xen Hypervisor
Menu
- Installing the Toolkit
- Open
  - Frame Capture Analysis
  - Spectrum Analysis
- Forensic Analysis-Basic
- Advanced Forensic Analysis
- Action Control
  - Action Control Table
  - Action Control Commands
- Reports
  - Web Reporting Interface
- Report Builder
- Connection Troubleshooting
- Scheduled AP Tests
  - Scheduled AP Test
    - On-demand AP Tests
    - AP Test License
- Scheduled Vulnerability Assessment
  - Scheduled Vulnerability Assessment
  - Vulnerability Assessment License
- Scheduled Events
  - Monitoring Scheduled Events
  - Altering Event Schedules
- Add Devices
- Import and Discovery
- Bluetooth Monitoring
AirDefense Dashboard
- The Dashboard
- Selecting Dashboard Scope
- Customizing Dashboard Views
  - View Customization
  - Draggable Components
- Dashboard Components
Network Tab
- Capabilities with a Central Management License
- Select-Network View
  - Show Menu
    - Viewing the Network
    - Types of Devices
  - Actions Menu
- Network Devices
- Association Tree
- Network Graph
- Network Filters
- Actions Menu
- Actions Descriptions
- Advanced Search
Alarms
- AirDefense Alarm Model
- Capabilities with a Central Management License
- Alarm Table
- Alarm Filters
- Alarm Categories and Criticality
  - Alarm Categories
  - Alarm Criticality
- Alarm Details
- Alarm Actions
Configuration Tab
- Search
- Appliance Platform
- Security & Compliance
- Network Assurance
- Infrastructure Management
- Operational Management
- Appliance Management
- Account Management
- Drop-down Menu Access
Security
- WIPS
- Planning Your Sensor Deployment
  - Deployment Considerations
- Physical and Electromagnetic Interference
  - Device Placement Considerations
- Planning Your Sensor Placement
- Sensor Monitoring
- Vulnerability Assessment
  - On-Demand Vulnerability Assessment
  - Scheduled Vulnerability Assessment
- WEP Cloaking
WLAN Management
- Infrastructure Management
- Operational Management
  - Pending State Audit
- Appliance Platform
  - Relay Server
  - Import Relay Server Information
Central Management Console
- Configuring Master/Slave Servers
  - Things to Remember
  - Sharing Certificates
- Adding a Slave Server
ADSPAdmin
- Accessing the ADSPadmin Console
- Manage System
- Manage the Database
- Software
- Configure AirDefense
Troubleshooting
- AP Testing
- Connection Troubleshooting
- Live RF
- Forensic RF
- Spectrum Analysis
- Advanced Spectrum Analysis
- Advanced Troubleshooting
- Assurance Suite (Network Assurance)
- Radio Share Network Assurance
- Customer Support
AirDefense Icons
- AirDefense Application Icons
- Wireless Client Icons
Legacy Content
- Menu
- AirDefense Dashboard
- Network Tab
- Alarms
- Configuration Tab
- Security
- WLAN Management
- Central Management Console
  - Configuring Master/Slave Servers
    - Things to Remember
    - Sharing Certificates
  - Adding a Slave Server
- ADSPAdmin
- Troubleshooting
- AirDefense Icons
  - AirDefense Application Icons
  - Wireless Client Icons
Glossary

If you select one of the tabs, the summary is expanded into more detailed forensic data so that you can

learn more about the wireless device and if necessary, take immediate action.

Note

The tabs displayed will vary depending on the device selected and on whether you have

installed Basic Forensic Analysis or Advanced Forensic Analysis.

You can access the following tabs in Forensic Analysis for more detail:

• Adoption History (APs and Switches.) For APs, adoption history provides a table of devices that

have adopted the selected AP. For switches, it provides a table of devices that the selected switch

has adopted.

• Association Analysis (BSSs and Wireless Clients) lists the associations between the device being

analyzed and other wireless devices.

• Bandwidth Analysis (APs and Switches) displays a chart showing the bandwidth utilization for the

selected AP or switch.

• Channel Analysis (BSSs and Wireless Clients) provides a visual representation of all channels.

• Device Info (All devices) displays the current settings for the device being analyzed.

• Device Analysis (All Devices) provides a visual representation of all channel bandwidths.

• Performance Analysis (Switches) provides performance raw data and usage percentages for the

selected switch.

• Radio Analysis (APs) provides information that can be used to analyze the radio on the selected AP.

• Radio Info (APs) provides radio information that is recorded at the time displayed on the selected

AP.

• Signal Analysis (BSSs and Wireless Clients) displays the signal strength of a device (in dBm) as

measured by various sensors.

• Threat Analysis (All devices) displays a table of alarms generated by the device being analyzed.

• Threat Breakdown (APs, BSSs and Wireless Clients) displays devices broken down by type/

manufacturer.

• Trac Analysis (BSSs and Wireless Clients) displays trac transmitted and received by the device

being analyzed.

• Trac Breakdown (APs, BSSs and Wireless Clients) displays devices broken down by type/

manufacturer.

Advanced Forensic Analysis

The Advanced Forensic Analysis module allows you to access the full potential of Forensic Analysis.

When installed, Advanced Forensic Analysis replaces the Basic Forensic Analysis that is included in

Extreme AirDefense.

Advanced vs. Basic Forensic Analysis

Advanced Forensic Analysis has all the features of Basic Forensic Analysis plus some very powerful

enhancements.

Administrators can view the activity of a suspect device over a period of months and drill down to

minute-by-minute detail of wireless activity. Records are kept over a long period of time so that

administrators can review events months later to improve network security posture, assist in forensic

Legacy Content

Advanced Forensic Analysis

Extreme AirDefense User Guide for version 10.5. 915