Information About Classifying Rogue Access Points
The embedded wireless controller software enables you to create rules that can organize and display rogue access points as Friendly, Malicious, or Unclassified.
By default, none of the classification rules are used. You need to enable them. Therefore, all unknown access points are categorized as Unclassified. When you create or change a rule, configure conditions, and enable it, all rogue access points are then reclassified. Whenever you change a rule, it is applied to all the access points (friendly, malicious, and unclassified).
Note |
|
When the embedded wireless controller receives a rogue report from one of its managed access points, it responds as follows:
-
If the unknown access point is in the friendly MAC address list, the embedded wireless controller classifies the access point as Friendly.
-
If the unknown access point is not in the friendly MAC address list, the embedded wireless controller starts applying the rogue classification rules to the access point.
-
If the rogue access point matches the configured rules criteria, the embedded wireless controller classifies the rogue based on the classification type configured for that rule.
-
If the rogue access point does not match any of the configured rules, the rogue remains unclassified.
The embedded wireless controller repeats the previous steps for all the rogue access points.
-
If the rogue access point is detected on the same wired network, the embedded wireless controller marks the rogue state as Threat and classifies it as Malicious automatically, even if there are no configured rules. You can then manually contain the rogue to change the rogue state to Contained. If the rogue access point is not available on the network, the embedded wireless controller marks the rogue state as Alert. You can then manually contain the rogue.
-
If desired, you can manually move the access point to a different classification type and rogue state.
Rule-Based Classification Type |
Rogue State |
---|---|
Friendly |
|
Malicious |
|
Unclassified |
|
As mentioned earlier, the embedded wireless controller can automatically change the classification type and rogue state of an unknown access point based on user-defined rules. Alternatively, you can manually move the unknown access point to a different classification type and rogue state.