User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000

451

452

453

454

455

456

457

458

459

460

l Classification-off—AP is classified as rogue because classification has been disabled causing all non-

authorized APs to be classified as a rogue.

l Propagated-Wired-MAC—The MAC addresses of wired devices learned by a different AP than the one that

uses it for classifying a rogue.

l Base-BSSID-Override—The classification was derived from another BSSID which belongs to the same AP

that supports multiple BSSIDs on the radio interface.

l AP-Rule—A user defined AP classification rule has matched.

l System-Wired-MAC—The MAC addresses of wired devices learned at the controller.

l System-Gateway-MAC—The Gateway MAC addresses learned at the controller.

Understanding Suspected Rogue Confidence Level

A suspected rogue AP is an AP that is potentially a threat to the WLAN infrastructure. A suspected rogue AP has

a confidence level associated with it. An AP can be marked as a suspected rogue if it is determined to be a

potentially threat on the wired network, or if it matches a user defined classification rule.

The suspected-rogue classification mechanism are:

l Each mechanism that causes a suspected-rogue classification is assigned a confidence level increment of

20%.

l AP classification rules have a configured confidence level.

l When a mechanism matches a previously unmatched mechanism, the confidence level increment

associated with that mechanism is added to the current confidence level (the confident level starts at zero).

l The confidence level is capped at 100%.

l If your controller reboots, your suspected-rogue APs are not checked against any new rules that were

configured after the reboot. Without this restriction, all the mechanisms that classified your APs as

suspected-rogue may trigger again causing the confidence level to surpass their cap of 100%. You can

explicitly mark an AP as “interfering” to trigger all new rules to match against it.

Understanding AP Classification Rules

AP classification rule configuration is performed only on a master controller. If AMP is enabled via the mobility-

manager command, then processing of the AP classification rules is disabled on the master controller. A rule is

identified by its ASCII character string name (32 characters maximum). The AP classification rules have one of

the following specifications:

l SSID of the AP

l SNR of the AP

l Discovered-AP-Count or the number of APs that can see the AP

Understanding SSID specification

Each rule can have up to 6 SSID parameters. If one or more SSIDs are specified in a rule, an option of whether

to match any of the SSIDs, or to not match all of the SSIDs can be specified. The default is to check for a match

operation.

Understanding SNR specification

Each rule can have only one specification of the SNR. A minimum and/or maximum can be specified in each

rule and the specification is in SNR (db).

Dell Networking W-Series ArubaOS 6.4.x | User Guide Wireless Intrusion Prevention | 458