Rogue detection, Event logging, Current hour rogue list – 3Com Wireless LAN Controller WX2200 User Manual

46

C

HAPTER

2: P

LANNING

AND

M

ANAGING

Y

OUR

W

IRELESS

N

ETWORK

WITH

3WXM

Rogue Detection

A rogue AP is an access point that is not authorized to operate in or near
your network. You can use RF countermeasures to deny service to or
from a targeted rogue AP, and render them ineffective. Once a rogue AP
is detected and reported, the closest 3Com MAP is assigned to perform
RF countermeasures. By spoofing various 802.11 control messages, the
MAP’s countermeasures disrupt association and authentication attempts
to the rogue AP by any new clients. This also disrupts any active
communications between any existing client and rogue AP.

You can collect statistics and view reports on:

„

Current rogue list, aggregated for the whole network

„

Current hour rogue list

„

Current day rogue list

„

30 days of rogue history, using best listener data

„

Rogue lifecycle events (when the rogue was first seen, by whom, and
when it went away)

„

Counter-measure activity

The number of currently detected rogues is conveniently displayed in the
Alerts panel.

If you use 3WXM RF Planning, you also can display the approximate
geographic locations of rogue devices and their clients.

Event Logging

3WXM incorporates a powerful and flexible display interface for all
events collected by the system. Events are stored on a per-WX basis and
are collected continuously. Customizable filters can be created to easily
drill down to specific information the event log database. You can filter
events based on:

„

Category

„

Severity

„

Date and time ranges

„

WX switch

„

3WXM client and services log

„

Specific text string matches