Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Airwave

171

172

173

174

175

176

177

178

179

180

Dell PowerConnect W AirWave 7.2 | User Guide Using RAPIDS and Rogue Classification | 175

Threat Level This field displays the numeric threat level of the device, in a range from 1 to 10. The definition of threat

level is configurable, as described in “Rogue Device Threat Level” on page171. The threat level is also

supported with Triggers (see “Monitoring and Supporting AWMS with the System Pages” on

page205).

Name Displays the alpha-numeric name of the rogue device, as known. By default, AWMS assigns each rogue

device a name derived from the OUI vendor and the final six digits of the MAC address.

Classifying Rule Displays the RAPIDS Rule that classified the rogue device (see“Viewing and Configuring RAPIDS

Rules” on page171).

Controller

Classification

Displays the classification of the device based on the controller’s hard-coded rules.

NOTE: This column is hidden unless Offload WMS Database is enabled by at least one group on the

Groups > Basic page.

WMS Classification

The AP that provided the information used to classify the device.

WMS Classification

Date

The date that WMS decided the classification

Confidence The confidence level of the suspected rogue. How confidence is calculated varies based on the version

of ArubaOS. When an ArubaOS controller sees evidence that a device might be on the wire it will up the

confidence level. If ArubaOS is completely sure that it is on the wire, it gets classified as a rogue.

Wired Displays whether the rogue device has been discovered on one of your wired networks by polling

routers/switches, your SNMP/HTTP scans, or Dell WIP information. This column displays Yes or is blank

if wired information was not detected.

Detecting APs Displays the number of AP devices that have wirelessly detected the rogue device. A designation of

heard implies the device was heard over the air.

Location As with most List pages in AWMS, the RAPIDS > List page includes the Location column. If the rogue

has been placed in VisualRF, this column will display the name of the floor plan the rogue is on. RAPIDS

and VisualRF must be licensed on the AWMS for this functionality to be supported.

SSID Displays the most recent SSID that was heard from the rogue device.

Signal Displays the strongest signal strength detected for the rogue device.

RSSI Displays Received Signal Strength Indication (RSSI) designation, a measure of the power present in a

received radio signal.

Network Type Displays the type of network in which the rogue is present, for example:

 Ad-hoc—This type of network usually indicates that the rogue is a laptop that attempts to create a

network with neighboring laptops, and is less likely to be a threat.

 AP—This type of network usually indicates an infrastructure network, for example. This may be

more of a threat.

 Unknown—The network type is not known.

Encryption Type Displays the encryption that is used by the device. Possible contents of this field include the following

encryption types:

 Open—No encryption

 WEP—Wired Equivalent Privacy

 WPA—Wi-Fi Protected Access

Generally, this field alone does not provide enough information to determine if a device is a rogue, but it

is a useful attribute. If a rogue is not running any encryption method, you have a wider security hole

than with an AP that is using encryption.

Ch Indicates the most recent RF channel on which the rogue was detected. NOTE: it may be detected on

more than one channel if it contains more than one radio.

LAN MAC Address The LAN MAC address of the rogue device.

LAN Vendor Indicates the LAN vendor of the rogue device, when known.

Table 101 RAPIDS > List Column Definitions (Continued)

Column Description