196 Meru System Director Configuration Guide © 2012 Meru Networks, Inc.
Modifying Detection and Mitigation CLI Settings
Changing the Minimum RSSI with the CLI
The minimum RSSI is the threshold above which APs attempt to mitigate rogues; if the
signal is very weak (distant AP), APs won’t try to mitigate it.
The command to change the minimum RSSI (Received Signal Strength Indication)
level, over which a station will be mitigated, is rogue-ap min-rssi. A level range of 0
to -100 is supported, with -100 being the default setting.
The following command sets the minimum RSSI level to -80:
controller(config)# rogue-ap min-rssi -80
controller(config)#
Configure Rogue AP Mitigation with the Web UI
To prevent clients of unauthorized APs from accessing your network, enable the
options for both scanning for the presence of rogue APs and mitigating the client
traffic originating from them. These features are set globally, with the controller
managing the lists of allowable and blocked WLAN BSSIDs and coordinating the set of
APs (the Mitigating APs) that perform mitigation when a rogue AP is detected.
When rogue AP scanning (detection) is enabled, for any given period, the AP spends
part of the time scanning channels (determined by the Scanning time in ms setting),
and part of the time performing normal AP WLAN operations on the home channel
(determined by the Operational time in ms setting). This cycle of scan/operate
repeats so quickly that both tasks are performed without noticeable network
operation degradation.
The channels that are scanned by a particular AP are determined by the model of AP.
As a result of the channel scan, a list of rogue APs is compiled and sent by the
controller to a number of Mitigating APs that are closest to the rogue AP. Mitigating
APs send mitigation (deauth) frames to the rogue AP where clients are associated, to
remove those clients from the network. The presence of the rogue AP generates
alarms that are noted on the Web UI monitoring dashboard and via syslog alarm
messages, so the administrator is aware of the situation and can then remove the
offending AP or update the configuration list.
As well, if a rogue device is seen on the wired interface of the AP and the device is
in the AP’s discovered list of stations, a wired rogue notification will be sent via the
Web UI monitoring dashboard and syslog alarm message. If the rogue client is
associated with the AP, that client is also classified as a rogue.
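The following is an added example, not part of the Meru guide or the controller software: a dry run showing which detected BSSIDs stay above the rogue-ap min-rssi threshold and which drop out when it is raised from the default -100 to -80. The scan data, the function names, the rule that any BSSID missing from the allowed list counts as a rogue, and the inclusive comparison are all assumptions made for illustration.

```python
import re

# Constructed scan observations (BSSID, RSSI in dBm); not real controller output.
SAMPLE_SCAN = """\
02:00:00:00:0A:01 -48
02-00-00-00-0a-02 -62
02:00:00:00:0B:01 -71
02:00:00:00:0B:02 -86
02:00:00:00:0B:03 -97
"""

def norm_bssid(text):
    """Return a BSSID as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a BSSID: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_scan(text):
    """Parse 'BSSID RSSI' lines into (bssid, rssi) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            bssid, rssi = line.split()
            rows.append((norm_bssid(bssid), int(rssi)))
    return rows

def mitigation_candidates(rows, allowed, min_rssi=-100):
    """BSSIDs not on the allowed list whose signal is at or above min_rssi.

    Assumption: anything absent from the allowed list counts as a rogue, and
    the comparison is inclusive; the guide does not state either detail.
    """
    if not -100 <= min_rssi <= 0:
        raise ValueError("min-rssi must be between 0 and -100")
    allowed = {norm_bssid(b) for b in allowed}
    return [b for b, rssi in rows if b not in allowed and rssi >= min_rssi]

def threshold_impact(rows, allowed, old=-100, new=-80):
    """BSSIDs that stop being mitigation candidates when min-rssi is raised."""
    before = mitigation_candidates(rows, allowed, old)
    after = set(mitigation_candidates(rows, allowed, new))
    return [b for b in before if b not in after]

if __name__ == "__main__":
    rows = parse_scan(SAMPLE_SCAN)
    allowed = ["02:00:00:00:0a:01", "02:00:00:00:0A:02"]
    print("candidates at -80:", mitigation_candidates(rows, allowed, -80))
    print("dropped vs. default:", threshold_impact(rows, allowed))
```

Running the same comparison against a real site survey before changing the setting shows which weak, distant BSSIDs the new threshold would leave alone.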
Alter the List of Allowed APs with the Web UI
To change the list of allowed APs, follow these steps:
1. From the Web UI, click Configuration > Wireless IDS/IPS > Rogue APs > Allowed
APs.
The Allowed APs screen appears. See Figure 28.