June 30, 2006
Confidential
Document Number BDTM10001-A05 Standard
BelAir100 User Guide
Wireless Security
Example 2
/# cd radio
/radio# set arm1 secure-port enabled
Detecting Rogue Access Points
Rogue access points may be installed on a corporate network by employees
using low-cost equipment they purchased themselves. The rogue access points
are often installed inside the corporate firewall with even the most basic
security settings disabled, thus creating the potential for network security
breaches. A rogue device may also be connected to a totally separate wired
network that happens to be near corporate facilities but is still accessible to
client devices within the enterprise.
For public networks, numerous Wi-Fi networks may exist “underneath” the
public network, in or near its coverage area.
In some cases, a rogue access point may present a security concern. In all cases,
rogue access points are a source of interference and capacity degradation for
the network being deployed.
The following commands assist you in detecting unauthorized “rogue” wireless
access points:
show arm<n> rogue-ap
show brm<n> rf_survey
These commands display several items of information for every access point
“visible” to a BelAir100’s radio on a particular channel. This information
can help you identify and locate rogue access points. For each detected
access point, it includes:
• the access point’s MAC address
• the channel number it is using
• its SSID
• the Remote Signal Strength Indication (RSSI) of the link in dBm
• the age of the association (number of seconds since last signal was received
from the MAC address)
• the BSS configuration type, either infra (for infrastructure) or adhoc
• whether privacy is enabled or not
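One way to triage the fields listed above against an inventory of deployed access points. This is an added example, not part of the BelAir100 guide or its software. The guide does not show the CLI output layout, so the comma-separated rows, the AUTHORIZED inventory, the classify function and its thresholds are all assumptions.

```python
import csv
from io import StringIO

# Constructed sample: one row per detected AP, fields in the order the guide
# lists them (MAC, channel, SSID, RSSI dBm, age s, BSS type, privacy).
# Assumed CSV transcription; the real CLI column layout is not shown.
SAMPLE_SURVEY = """\
02:00:00:00:00:01,6,CorpNet,-48,2,infra,yes
02:00:00:00:00:02,6,CorpNet,-55,4,infra,no
02:00:00:00:00:03,6,linksys,-61,1,infra,no
02:00:00:00:00:04,6,laptop-share,-70,3,adhoc,no
02:00:00:00:00:05,6,CoffeeShop,-88,240,infra,yes
"""

# Hypothetical inventory of deployed APs: lowercase MAC -> SSID.
AUTHORIZED = {"02:00:00:00:00:01": "CorpNet"}

def classify(survey_text, authorized, near_dbm=-75, max_age=60):
    """Return {mac: [reasons]} for every detected AP not in the inventory."""
    own_ssids = set(authorized.values())
    findings = {}
    for row in csv.reader(StringIO(survey_text)):
        if len(row) != 7:
            continue  # skip blank or malformed rows
        mac, _chan, ssid, rssi, age, bss, privacy = (f.strip() for f in row)
        mac = mac.lower()
        if mac in authorized:
            continue
        reasons = ["unknown MAC"]
        if ssid in own_ssids:
            # An unknown radio using a deployed SSID can attract clients.
            reasons.append("advertises an authorized SSID")
        if privacy.lower() != "yes":
            reasons.append("privacy disabled")
        if bss.lower() == "adhoc":
            reasons.append("ad hoc BSS")
        if int(rssi) >= near_dbm and int(age) <= max_age:
            reasons.append("strong and recent signal, likely on or near site")
        findings[mac] = reasons
    return findings

if __name__ == "__main__":
    for mac, reasons in classify(SAMPLE_SURVEY, AUTHORIZED).items():
        print(mac, "->", "; ".join(reasons))
```

Entries flagged only as "unknown MAC" with a weak or old signal are typically neighbouring networks; the others are the ones to locate first.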
Note: This command may not detect rogue access points that use a channel
that is different than the radio’s channel. You can choose to change the
radio’s channel and repeat this command to detect all possible rogue
access points. However, changing a radio’s channel is service affecting