User's Manual

Setting up the Server Console
SpectraGuard® Enterprise Installation Guide
  - Any: Allow APs with any authentication framework to connect to the system
  - Select: Specify the authentication framework: PSK and 802.1x (EAP). The authentication framework is only applicable if the template supports WPA/WPA2 and 802.11i privacy
• Encryption Protocols allows you to select the allowed encryption protocols for the SSID:
  - Any: Allow APs with any encryption protocol for this SSID
  - Select: Specify the encryption protocols: WEP40, WEP108, TKIP, and CCMP. TKIP and CCMP are available only if the template supports WPA/WPA2 and 802.11i privacy
• Security Settings allows you to select the security protocol(s) for the SSID:
  - Any: Allow APs with any security settings to connect
  - Select: Specify the privacy mechanism: Open, WEP, WPA, and 802.11i for the APs connected to the SSID
• Cisco MFP allows you to make classification decisions on Cisco Management Frame Protection (MFP) capability if the 802.11i checkbox is selected under Security Settings:
  - Any: Policy does not check for MFP; both Cisco MFP enabled and disabled APs are classified as Authorized
  - Select: Policy checks for MFP
      Cisco MFP Enabled: Select to classify only Cisco MFP supporting APs as Authorized APs
      Cisco MFP Disabled: Select to classify non-Cisco MFP supporting APs as Authorized APs
• AP Capabilities allows you to select the additional capabilities that Authorized APs may have. If you select any of these advanced capabilities, the classification logic allows APs with and without these capabilities. Select one of the following:
  - Any: Allow APs with any special capability for this SSID
  - Select: Specify if the AP uses any Turbo/Super techniques used by Atheros to get higher throughputs: Turbo, SuperAG, and Dot11n (802.11n)
• Authentication Types allows you to select the allowed authentication types that Clients can use. Authentication types do not determine the classification of APs, but are used to raise an event if a Client is authenticated via a non-allowed authentication type. The system raises this event only if the system sees authentication protocol handshake frames.
  - Any: Allow Clients with any authentication type for this SSID
  - Select: Specify the authentication types that Clients can use (only if 802.1x is selected): PEAP, EAP-TLS, LEAP, EAP-TTLS, EAP-FAST, and EAP-SIM Selection is allowed
• Allowed Networks allows you to select the networks where Authorized APs with this SSID are connected:
  - Any: Allow APs with this SSID to connect to any network
  - Select Networks: Specify the networks where Authorized APs with this SSID are connected. You can either choose from networks that are discovered automatically by the system or add new networks that are not yet discovered by the system
      Click <Select Networks> to open the Allowed Networks for SSID dialog, where you can move a network from Networks Monitored by the System to Allowed Networks for this SSID and add or delete networks.
• Under Allowed AP Vendors, select one of the following:
  - Any: Allow APs manufactured by any vendor to connect to the system
  - Select Vendors: Select the manufacturer of the AP with the specified SSID. If an AP with the specified SSID is discovered at this location, the system declares it as a Rogue, unless one of the manufacturers listed manufactures it.
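
The Any/Select fields listed above can be read as one check per field. The following is an added example, not SpectraGuard code or its actual classification engine, that models a template and reports which fields an observed AP violates. The field names, the one-value-per-attribute AP record and the sample data are assumptions made for illustration; the mapping from a mismatch to a Rogue or Mis-configured label is left out because the page does not state it.

```python
# Added illustration (not SpectraGuard code): a simplified model of how the
# Any/Select template fields could combine. Field names are assumptions.
from dataclasses import dataclass
from typing import Optional

ANY = None  # "Any": the policy does not check this field


@dataclass
class SSIDTemplate:
    ssid: str
    security: Optional[set] = ANY           # Open, WEP, WPA, 802.11i
    encryption: Optional[set] = ANY         # WEP40, WEP108, TKIP, CCMP
    mfp: Optional[set] = ANY                # {True}: MFP Enabled, {False}: Disabled
    networks: Optional[set] = ANY
    vendors: Optional[set] = ANY
    client_auth_types: Optional[set] = ANY  # PEAP, EAP-TLS, LEAP, ...


def template_mismatches(ap: dict, t: SSIDTemplate) -> list:
    """Return the template fields an observed AP violates (empty = conforms)."""
    checks = {"security": t.security, "encryption": t.encryption,
              "network": t.networks, "vendor": t.vendors}
    # Cisco MFP is evaluated only when 802.11i is selected under Security Settings.
    if t.security is not ANY and "802.11i" in t.security:
        checks["mfp"] = t.mfp
    # AP Capabilities are left out on purpose: selecting them allows APs with
    # and without the capability, so they can never cause a mismatch.
    return [name for name, allowed in checks.items()
            if allowed is not ANY and ap[name] not in allowed]


def client_auth_event(auth_type: str, t: SSIDTemplate) -> bool:
    """True when a Client handshake used a non-allowed authentication type.
    This only raises an event; it does not change the AP's classification."""
    return t.client_auth_types is not ANY and auth_type not in t.client_auth_types


# Constructed sample template and AP observations (not real data).
CORP = SSIDTemplate("corp", security={"802.11i"}, encryption={"CCMP"}, mfp={True},
                    networks={"10.1.0.0/16"}, vendors={"VendorA"},
                    client_auth_types={"PEAP", "EAP-TLS"})
GOOD_AP = {"ssid": "corp", "security": "802.11i", "encryption": "CCMP",
           "mfp": True, "network": "10.1.0.0/16", "vendor": "VendorA"}
WEAK_AP = dict(GOOD_AP, encryption="TKIP", vendor="VendorB")

if __name__ == "__main__":
    print(template_mismatches(GOOD_AP, CORP))   # conforms
    print(template_mismatches(WEAK_AP, CORP))   # fields that break the template
    print(client_auth_event("LEAP", CORP))      # event, classification unchanged
```
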
SSID Templates

A policy is a collection of SSID templates attached to that location. You can apply an SSID template from the parent or create it locally if you wish to customize the WLAN policy for that location. Other templates may be available to be attached but are not part of the WLAN policy and will not be used for AP classification.

The SSID Templates section lists the SSID templates that are available at a particular location. You must apply the templates from the available list to create the WLAN policy at that location. A new AP or an existing Authorized AP is compared against the applied SSID templates to determine if it is a Rogue or Mis-configured AP. The SSID templates created at other locations can be applied to a selected location but cannot be edited or deleted. The edit and delete operations are possible only at the location where the template is created. The table shows the following details: