nsamuel
Staff
Article Id 195374
Description

Configuring the AP Access and Block Lists for Rogue AP Detection-Mitigation


Scope

KB ARTICLE TYPE: Configuration

RELATED PRODUCTS:  AP

RELATED SOFTWARE VERSIONS: N/A

KEYWORDS: BSSID, Rogue-AP, AP


Solution

Rogue APs are unauthorized wireless access points. Valid network users should not be allowed to connect to the rogue APs because rogues pose a security risk to the corporate network. To prevent clients of unauthorized APs from accessing your network, enable the options for both scanning for the presence of rogue APs and mitigating the client traffic originating from them. These features are set globally, with the controller managing the lists of allowable and blocked WLAN BSSIDs and coordinating the set of APs (the Mitigating APs) that perform mitigation when a rogue AP is detected.

The feature uses an Access Control List (ACL) containing a list of allowed BSSIDs and a list of Blocked BSSIDs. By default, all Meru ESS BSSIDs in the WLAN are automatically included in the allowed ACL. A BSSID cannot appear in both lists.

CONFIGURATION STEPS:

GUI Steps:

STEP 1: Go to the "Configuration" tab >> "Wireless IDS/IPS" >> "Rogue APs".

STEP 2: Under the "Global settings" tab, turn Detection On.

STEP 3: To add an AP to the allowed list: Go to the "Configuration" tab >> "Wireless IDS/IPS" >> "Rogue APs" >> "Allowed APs".

STEP 4: Click "Add" and type the BSSID, in hexadecimal format, of the permitted access point. Click "OK". To delete a BSSID from the list, select the BSSID, click "Delete", and then "OK".

STEP 5: To add an AP to the blocked list: Go to the "Configuration" tab >> "Wireless IDS/IPS" >> "Rogue APs" >> "Blocked APs".

STEP 6: Click "Add" and type the BSSID, in hexadecimal format, of the access point. Click "OK".

The blocked BSSID now appears on the list with the following information:

* BSSID - The access point's BSSID.
* Creation Time - The timestamp of when the blocked AP entry was created.
* Last Reported Time - The time the AP was last discovered. If this field is blank, the AP has not been discovered yet.

To remove a blocked BSSID from the ACL, select the checkbox of the blocked AP entry you want to delete, click "Delete", and then click "OK".

STEP 7: The presence of a rogue AP generates alarms, which are noted on the "Monitoring Dashboard" and in "syslog alarm" messages, so the administrator is aware of the situation and can then remove the offending AP or update the configuration list.

To view them, go to "Monitor" >> "Alarms" >> "Pending alarms", or go to "Maintenance" >> "Syslog" >> "View Syslog files".

CLI Steps:

To enable Rogue Detection and to add the Rogue-AP ACL:

MeruController1# configure terminal
MeruController1(config)# rogue-ap detection
MeruController1(config)# rogue-ap acl 00:0e:cd:cb:cb:cb [Adding an AP with a BSSID of 00:0e:cd:cb:cb:cb to the ACL as an authorized access point]

To remove a BSSID from the Rogue-AP ACL and add it to the Rogue-AP blocked list:

Suppose 00:0c:e6:cd:cd:cd is to be placed on the blocked list. If this BSSID is already on the authorized list, you must remove the BSSID from the authorized list, and then add the BSSID to the blocked list:

MeruController1(config)# no rogue-ap acl 00:0c:e6:cd:cd:cd
MeruController1(config)#
MeruController1(config)# rogue-ap blocked 00:0c:e6:cd:cd:cd
MeruController1(config)# exit
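The ordering rule above (a BSSID must leave the authorized list before it can be blocked, and may never sit on both lists) can be checked before anything is typed into the controller. The following is an added example, not part of the original article or any vendor tooling; the function names are hypothetical, and it assumes the current authorized list has been copied by hand from `show rogue-ap acl`. It only emits the commands shown in this article.

```python
import re

# Colon-separated hexadecimal BSSID, the form used in the CLI examples above.
BSSID_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize(bssid):
    """Lower-case a BSSID, accept '-' as separator, reject anything malformed."""
    value = bssid.strip().lower().replace("-", ":")
    if not BSSID_RE.match(value):
        raise ValueError(f"not a valid BSSID: {bssid!r}")
    return value

def plan_commands(current_allowed, want_allowed, want_blocked):
    """Return the config-mode commands that reach the wanted lists.

    current_allowed: BSSIDs already on the authorized list (assumed to be
    copied from 'show rogue-ap acl'). Only additions and allowed-to-blocked
    moves are planned; nothing is removed unless it is being blocked.
    """
    current = {normalize(b) for b in current_allowed}
    allowed = {normalize(b) for b in want_allowed}
    blocked = {normalize(b) for b in want_blocked}

    # A BSSID cannot appear in both lists: fail before generating anything
    # rather than leave the ACL half-applied.
    both = allowed & blocked
    if both:
        raise ValueError("BSSID on both lists: " + ", ".join(sorted(both)))

    cmds = ["configure terminal", "rogue-ap detection"]
    for b in sorted(blocked):
        if b in current:
            cmds.append(f"no rogue-ap acl {b}")  # leave authorized list first
        cmds.append(f"rogue-ap blocked {b}")
    for b in sorted(allowed - current):
        cmds.append(f"rogue-ap acl {b}")
    cmds.append("exit")
    return cmds

if __name__ == "__main__":
    # Constructed sample input reusing the two BSSIDs from the article.
    for line in plan_commands(
        current_allowed=["00:0c:e6:cd:cd:cd"],
        want_allowed=["00:0E:CD:CB:CB:CB"],
        want_blocked=["00-0C-E6-CD-CD-CD"],
    ):
        print(line)
```

Review the printed commands and confirm the result afterwards with the `show rogue-ap acl` and `show rogue-ap blocked` commands.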

To view the Rogue-AP configuration, Rogue-AP ACL, and Rogue-AP Blocked list:

To confirm the rogue AP detection state:
MeruController1# show rogue-ap globals

To see a listing of all BSSIDs on the authorized list and the Blocked list:

MeruController1# show rogue-ap acl
MeruController1# show rogue-ap blocked

LIMITATIONS IF ANY:

The Rogue AP Detect and Mitigate features are not supported on the OAP180, AP150, or RS4000.
On AP300, Rogue AP Detection is supported but Mitigation is not supported. To be verified for AP1000.

