Advanced Configuration
Rogue Access Point Detection (RAD)
The Rogue AP Detection (RAD) feature provides an additional security level for wireless LAN deployments. RAD
detects unauthorized Access Points in the coverage area. When enabled, the Access Point scans the coverage area
and identifies all active Access Points. Support is available for all versions and operation modes of Access Points. For
example, an 802.11a Access Point identifies all similar Access Points. However, it will not detect Access Points that
are not of this type like 802.11b and 802.11g.
The Rogue AP Scan employs background scanning using low-level 802.11 scanning functions for effective wireless
detection of Access Points in its coverage area with minimal impact on the normal operation of the Access Point.
This RAD feature can be enabled on an Access Point with its HTTP, CLI, or SNMP Interfaces. The scan repetition
duration is configurable. If the Access Point uses directional antennas to provide directional coverage, then the
interface bitmask can be configured to maximize the scanning coverage area. The Access Point will periodically scan
the wireless network and report all the available Access Points within its coverage area using SNMP traps. For
additional reliability the results are stored in the Access Point in a table, which can be queried by way of SNMP. The
BSSID and Channel number of the detected Access Points are provided in the scan results.
The RAD scan is done on a channel list initialized based on the regulatory domain of the device. The RAD Scan then
performs background scanning on all the channels in this channel list using 802.11 MAC scanning functions. It will
either actively scan the network by sending probe requests or passively scan by only listening for beacons. The access
point information is then gathered from the probe responses and beacons.
To minimize traffic disruption and maximize the scanning efficiency, the RAD feature employs an enhanced
background-scanning algorithm and uses the CTS to Self mechanism to keep the clients silent. The scanning
algorithm allows traffic to be serviced between each channel scan. Before start of every scan (except scan on the
working channel) the CTS to self-mechanism is used to set the NAV values of clients to keep them silent during the
scanning period. In addition, the scan repetition duration can also be configured to reduce the frequency of RAD scan
cycles to maximize Access Point performance.
RAD Configuration Requirements
The RAD feature can be configured/monitored by way of the HTTP, CLI, or SNMP management interfaces.
The following management options are provided:
• The RAD feature can be enabled or disabled.
• The repetition interval of RAD can be configured.
• The interface on which RAD can operate can be configured.
• SNMP Traps are sent after completion of a RAD scan cycle and also whenever a new Access Point is detected.
• Additionally, the RAD scan results are maintained in a table that can be queried by way of SNMP.
The system administrator has to enable RAD on the Access Points in the wireless network and also configure the Trap
Host on all these Access Points to the IP address of the management station. The Access Points on detecting a new
Access Point sends a RAD Scan Result Trap to the management station.
Trusted AP
Rogue AP
520wl
520wl
Figure 4-17 Example Rogue AP Detection Deployment
4-41