Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Airwave

201

202

203

204

205

206

207

208

209

210

Option Description

Wireline Properties

Detected on LAN Rogue is detected on the wired network. Select Yes or No.

Fingerprint Scan Rogue matches fingerprint parameters.

IP Address Rogue matches a specified IP address or subnet. Enter IP address or subnet

information as explained by the fields.

OUI Score Rogue matches manufacturer OUI criteria. You can specify minimum and maximum

OUI score settings from two drop-down lists. Select remove to remove one or both

criteria, as desired.

Operating System Rogue matches OS criteria. Specify matching or non-matching OS criteria as

prompted by the fields.

Wireless/Wireline Properties

Manufacturer Rogue matches the manufacturer information of the rogue device. Specify matching

or non-matching manufacturer criteria.

MAC Address Rogue matches the MAC address. Specify matching or non-matching address

criteria, or use a wildcard (*) for partial matches.

Dell Controller Properties

Controller

Classification

Rogue matches the specified controller classification.

Confidence Rogue falls within a specified minimum and maximum confidence level, ranging

from 1 to 100.

Table 104: Properties Drop Down Menu (Continued)

After creating a new rule, click Add to return to the RAPIDS > Rules page. Click Save and Apply to have the

new rule take effect.

Deleting or Editing a Rule

To delete a rule from the RAPIDS rules list, go to the RAPIDS > Rules page. Select the check box next to the rule

you want to delete, and click Delete. The rule is automatically deleted from RAPIDS > Rules.

To edit any existing rule, select its pencil icon to launch the RAPIDS Classification Rule page (see Figure 111).

Edit or revise the fields as necessary, then click Save.

To change the sequence in which rules apply to any rogue device, drag and drop the rule to a new position in the

rules sequence.

Recommended RAPIDS Rules

l If Any Device Has Your SSID, then Classify as Rogue

The only devices broadcasting your corporate SSID should be devices that you are aware of and are managed

by W-AirWave. Rogue devices often broadcast your official SSID in an attempt to get access to your users, or

to trick your users into providing their authentication credentials. Devices with your SSID generally pose a

severe threat. This rule helps to discover, flag, and emphasize such a device for prompt response on your

part.

l If Any Device Has Your SSID and is Not an Ad-Hoc Network Type, then Classify as Rogue

Dell Networking W-AirWave 8.2.4 | User Guide Using RAPIDS and Rogue Classification | 208