Step 1 |
configure terminal
Example:
Controller# configure terminal
|
Enters global configuration mode.
|
Step 2 | wireless wps rogue rule
rule-name
priority
priority
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)#
|
Creates or
enables a rule. While creating a rule, you must enter priority for the rule.
Note
| After
creating the rule, if you are editing the rule, you can change the priority
only for the rogue rules that are disabled. You cannot change priority for the
rogue rules that are enabled. While editing, changing the priority for a rogue
rule is optional.
|
|
Step 3 | classify {friendly |
malicious}
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# classify friendly
|
Classifies a
rule.
|
Step 4 | condition {client-count
|
duration
|
encryption
|
infrastructure
|
rssi
|
ssid}
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# condition client-count 5
|
Specifies to
add the following conditions to a rule that the rogue access point must meet.
-
client-count—Requires that a minimum number of
clients be associated to the rogue access point. For example, if the number of
clients associated to the rogue access point is greater than or equal to the
configured value, then the access point could be classified as malicious. If
you choose this option, enter the minimum number of clients to be associated to
the rogue access point for the
condition_value parameter. The valid range is 1 to
10 (inclusive), and the default value is 0.
-
duration—Requires that the rogue access point be
detected for a minimum period of time. If you choose this option, enter a value
for the minimum detection period for the
condition_value parameter. The valid range is 0 to
3600 seconds (inclusive), and the default value is 0 seconds.
-
encryption—Requires that the advertised WLAN does
not have encryption enabled.
-
infrastructure—Requires the SSID to be known to
the controller.
-
rssi—Requires that the rogue access point have a
minimum RSSI value. For example, if the rogue access point has an RSSI that is
greater than the configured value, then the access point could be classified as
malicious. If you choose this option, enter the minimum RSSI value for the
condition_value parameter. The valid range is –95
to –50 dBm (inclusive), and the default value is 0 dBm.
-
ssid—Requires that the rogue access point have a
specific SSID. You should add SSIDs that are not managed by the controller. If
you choose this option, enter the SSID for the
condition_value parameter. The SSID is added to
the user-configured SSID list.
|
Step 5 | match {all |
any}
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# match all
|
Specifies
whether a detected rogue access point must meet all or any of the conditions
specified by the rule in order for the rule to be matched and the rogue access
point to adopt the classification type of the rule.
|
Step 6 | default
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# default
|
Specifies to
set a command to its default.
|
Step 7 | exit
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# exit
Controller(config)#
|
Specifies to
exit the sub-mode.
|
Step 8 |
shutdown
Example:
Controller(config)# wireless wps rogue rule rule_3 priority 3
Controller(config-rule)# shutdown
|
Specifies to
disable a particular rogue rule. For example, the rule
rule_3 is
disabled.
|
Step 9 | end
Example:Controller(config)# end
| Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
|
Step 10 |
configure terminal
Example:
Controller# configure terminal
|
Enters global configuration mode.
|
Step 11 | wireless wps rogue rule
shutdown
Example:
Controller(config)# wireless wps rogue rule shutdown
|
Specifies to
disable all the rogue rules.
|
Step 12 | end
Example:Controller(config)# end
| Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
|