D-Link DWS-1008 User Manual
80
Countermeasures
You can enable MSS to use countermeasures against rogues. Countermeasures consist of packets
that interfere with a client’s ability to use the rogue. Countermeasures are disabled by default. You can
enable them on an individual radio-profile basis. When you enable them, all devices of interest that are
not in the known devices list become viable targets for countermeasures.
Countermeasures can be enabled against all rogue and interfering devices, against rogue devices only,
or against devices explicitly configured in the switch’s attack list.
Summary of Rogue Detection Features
The table below lists the rogue detection features in MSS.
Rogue Detection
Feature
Description
Applies To
Third-Party APs
Clients
Classification
MSS can classify third-party APs as rogues or
interfering devices. A rogue is a third-party AP whose
MAC address MSS knows from the wired side of the
network. An interfering device does not have a MAC
address known on the wired side. MSS can detect rogue
clients, locate their APs, and issue countermeasures
against the APs.
Yes
Yes
Permitted vendor list
List of OUIs to allow on the network. An OUI is the first
three octets of a MAC address and uniquely identifies
an AP’s or client’s vendor.
Yes
No
Permitted SSID list
List of SSIDs allowed on the network. MSS can issue
countermeasures against third-party APs sending
traffic for an SSID that is not on the list.
Yes
Yes
Client black list
List of client or AP MAC addresses that are not allowed
on the wireless network. MSS drops all packets from
these clients or APs.
Yes
Yes
Attack list
List of AP MAC addresses to attack. MSS can issue
countermeasures against these APs whenever they
are detected on the network.
Yes
No
Ignore list
List of MAC addresses to ignore during RF detection.
MSS does not classify devices on this list as rogues or
interfering devices, and does not issue countermeasures
against them.
Yes
Yes
Countermeasures
Packets sent by D-Link APs to interfere with the operation
of a rogue or interfering device. Countermeasures are
configurable on a radio-profile basis.
Yes
Yes
Active scan
Active scan sends probe any requests (probes with a
null SSID name) to look for rogue APs.
Active scan is configurable on a radio-profile basis.
Yes
No
D-Link AP signature
Value in an AP’s management frames that identifies
the AP to MSS. AP signatures help prevent spoofing of
the AP MAC address.
No
No
Log messages and
traps
Messages and traps for rogue activity.
Yes
Yes
Summary of Contents for DWS-1008
Page 1: ......