Manualshelf

User's Manual

ManualsBrandsAirgo Networks ManualsElectronicsTrue MIMO Access Point
21222324252627282930
Managing Rogue Access Points
Installation and User Guide: Airgo Access Point 191
IP level discovery requires that the detecting AP be able to determine the IP address of the
discovered AP through an IP / SNMP connectivity check and establish IP-level communications
with it. NM Portal then performs a series of consistency checks and certification to determine
whether the AP is a recognized part of the network.
After an AP is successfully discovered and authenticated, the system checks to see whether it is
enrolled and places it into the Enrolled or APs to be Enrolled table. For more information on AP
enrollment, see “Enrolling APs” on page 181. A variety of conditions may cause NM Portal to label
an AP as a rogue candidate:
The AP is not an Airgo AP.
A problem exists with the AP certificate and the AP cannot be authenticated.
The AP is a legitimate device on a neighboring network but has been detected through a
wireless scan.
An unauthorized device attempts to access the network
The objectives of rogue AP management are to determine which APs pose a security risk and to
take action to reduce the risk.
The Rogue AP panels within NM Portal provide an interface to monitor and classify rogue APs.
Use the IP Rogue AP panel to manage potential rogues detected through IP discovery, and use the
Wireless Rogue AP panel to manage potential rogues detected through wireless discovery.
Each panel opens to the Unclassified tab, which lists the candidate rogue APs. From the list, select
individual APs to classify as known in your network or a neighbors network. Once classified, the
APs are listed in the IP or Wireless Classified tab.
IP Rogue AP Management
Select IP Rogue AP from the Rogue AP menu to open the table of IP-unclassified APs. This panel
(Figure 136) lists the following information for each unclassified AP:
Field Description
Device ID Unique identifier for the AP
Node Name Name of the AP advertised in the beacon frame
Rejection Reason Failure that prevented the AP from passing authentication
Time Discovered Time of the last IP scan that detected the AP, updated each time the AP is
detected
Thumbprint Factory-generated identifier used for AP enrollment