351
DWS-1008 User’s Manual
D-Link Systems, Inc.
Rogue Detection and Countermeasures
The following example shows the permitted vendor list on switch:
DWS-1008#
show rfdetect vendor-list
Total number of entries: 1
OUI
Type
-----------------
-------
aa:bb:cc:00:00:00 client
11:22:33:00:00:00 ap
To remove an entry from the permitted vendor list, use the following command:
clear
rfdetect
vendor-list
{
client
|
ap
} {
mac-addr
|
all
}
The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor
list:
DWS-1008#
clear rfdetect vendor-list client aa:bb:cc:00:00:00
success: aa:bb:cc:00:00:00 is no longer in client vendor-list.
Configuring a Permitted SSID List
The permitted SSID list specifies the SSIDs that are allowed on the network. If MSS detects
packets for an SSID that is not on the list, the AP that sent the packets is classified as a
rogue. MSS issues countermeasures against the rogue if they are enabled.
By default, the permitted SSID list is empty and all SSIDs are allowed. If you configure a
permitted SSID list, MSS allows traffic only for the SSIDs that are on the list. The permitted
SSID list applies only to the switch on which the list is configured. DWS-1008 switches do not
share permitted SSID lists.
To add an SSID to the list, use the following command:
set
rfdetect
ssid-list
ssid-name
The following command adds SSID
mycorp
to the list of permitted SSIDs:
DWS-1008#
set rfdetect ssid-list mycorp
success: ssid mycorp is now in ssid-list.
To display the permitted SSID list, use the following command:
show rfdetect ssid-list
Summary of Contents for DWS-1008
Page 1: ......