Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Gibraltar 16.10.x - Managing Rogue Devices [Cisco Catalyst 9800 Series Wireless Controllers] (2023)


Rogue Detection

Rogue Devices

Rogue access points can disrupt wireless LAN operations by hijacking legitimate clients and using plain-text or other denial-of-service or man-in-the-middle attacks. That is, a hacker can use a rogue access point to capture sensitive information, such as usernames and passwords. The hacker can then transmit a series of Clear to Send (CTS) frames. This action mimics an access point, informing a particular client to transmit and instructing all other clients to wait, which results in legitimate clients being unable to access network resources. Wireless LAN service providers therefore have a strong interest in banning rogue access points from the air space.

Because rogue access points are inexpensive and readily available, employees sometimes plug unauthorized rogue access points into existing LANs and build ad hoc wireless networks without the knowledge or approval of their IT department. These rogue access points can be a serious breach of network security because they can be plugged into a network port behind the corporate firewall. Because employees generally do not enable any security settings on the rogue access point, it is easy for unauthorized users to use the access point to intercept network traffic and hijack client sessions. The chance of an enterprise security breach increases when wireless users connect to access points in the enterprise network.

The following are some guidelines for managing rogue devices:

  • Access points are designed to serve associated clients. They spend relatively little time scanning off-channel: approximately 50 milliseconds on each channel. A shorter scan interval, for example 120 or 60 seconds, makes the radio go off-channel more often, which improves the chances of rogue detection. However, the access point still spends approximately 50 milliseconds on each channel.

  • Rogue detection is disabled by default for OfficeExtend access points because these access points, deployed in a home environment, are likely to detect many rogue devices.

  • Client card implementations can reduce the effectiveness of containment. However, the browsing experience of the rogue client would be badly affected when it is contained.

  • It is possible to classify and report rogue access points by using rogue states and user-defined classification rules that allow rogues to move automatically between states.

  • Each controller limits the number of rogue containments to three and six per radio for access points in monitor mode.

  • When manual containment is performed using configuration, the rogue entry is retained even after the rogue entry expires.

  • When a rogue entry expires, the managed access points are instructed to stop any active containment on it.

  • When Validate Rogue Clients Against AAA is enabled, the controller requests the AAA server for rogue client validation only once.

Restrictions on Rogue Detection

  • Rogue containment is not supported on DFS channels.

A rogue access point is moved to a contained state either automatically or manually. The controller can be configured to use only monitor mode access points for containment.

  • The container access point periodically goes through the list of containments and sends unicast containment frames. For rogue access point containment, the frames are sent only if a rogue client is associated.

  • Whenever activity of a contained rogue is detected, containment frames are transmitted.

Individual rogue containment involves sending a sequence of unicast disassociation and deauthentication frames.

Cisco Prime Infrastructure Interaction and Rogue Detection

Cisco Prime Infrastructure supports rule-based classification and uses the classification rules configured on the controller. The controller sends traps to Cisco Prime Infrastructure after the following events:

  • If an unknown access point moves to the Friendly state for the first time, the controller sends a trap to Cisco Prime Infrastructure only if the rogue state is Alert. It does not send a trap if the rogue state is Internal or External.

  • If a rogue entry is removed after the timeout expires, the controller sends a trap to Cisco Prime Infrastructure for rogue access points that are classified as Malicious (Alert, Threat) or Unclassified (Alert).

AP Impersonation Detection

The various methods to detect AP impersonation are:

  • AP impersonation can be detected if a managed AP reports itself as a rogue. This method is always enabled and no configuration is required.

  • AP impersonation detection based on MFP.

Infrastructure MFP protects 802.11 session management functions by adding message integrity check (MIC) information elements to the management frames sent by APs (and not those sent by clients), which are then validated by other APs in the network. If infrastructure MFP is enabled, the managed APs check whether the MIC information elements are present and whether they are as expected. If either of these conditions is not met, the managed AP sends rogue AP reports with an updated AP authentication failure counter.

Configuring Rogue Detection (GUI)

Procedure

Step 1  Choose Configuration > Tags & Profiles > AP Join.

Step 2  Click the AP Join Profile Name to edit the AP join profile properties.

Step 3  In the Edit AP Join Profile window, click the Rogue AP tab.

Step 4  Check the Rogue Detection check box to enable rogue detection.

Step 5  In the Rogue Detection Minimum RSSI field, enter the RSSI value.

Step 6  In the Rogue Detection Transient Interval field, enter the interval in seconds.

Step 7  In the Rogue Detection Report Interval field, enter the report interval in seconds.

Step 8  In the Rogue Detection Client Number Threshold field, enter the threshold for rogue client detection.

Step 9  Check the Auto Containment on FlexConnect Standalone check box to enable auto containment.

Step 10  Click Update & Apply to Device.

Configuring Rogue Detection (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ap profile profile-name
rogue detection min-rssi rssi-in-dBm

Example:

Device(config)# ap profile profile1
Device(config)# rogue detection min-rssi -100

Specifies the minimum RSSI value that rogues must have for APs to detect them and for a rogue entry to be created in the device.

The valid range for the RSSI in dBm parameter is -128 dBm to -70 dBm, and the default value is -128 dBm.

Note

This feature applies to all AP modes. There can be many rogues with very weak RSSI values that do not provide any valuable information for rogue analysis. Use this option to specify the minimum RSSI value at which APs should detect rogues.

Step 3

ap profile profile-name
rogue detection containment {auto-rate | flex-rate}

Example:

Device(config)# ap profile profile1
Device(config)# rogue detection containment flex-rate

Specifies the rogue containment options. The auto-rate option enables auto-rate for containment of rogues. The flex-rate option enables rogue containment on standalone FlexConnect APs.

Step 4

ap profile profile-name
rogue detection enable

Example:

Device(config)# ap profile profile1
Device(config)# rogue detection enable

Enables rogue detection on all APs.

Step 5

ap profile profile-name
rogue detection report-interval time-in-seconds

Example:

Device(config)# ap profile profile1
Device(config)# rogue detection report-interval 120

Configures the rogue report interval for monitor mode Cisco APs.

The valid range for the report interval is 10 seconds to 300 seconds.

Configuring RSSI Deviation Notification Threshold for Rogue APs (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue ap notify-rssi-deviation

Example:

Device(config)# wireless wps rogue ap notify-rssi-deviation

Configures the RSSI deviation notification threshold for rogue APs.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can press Ctrl-Z to exit global configuration mode.

Configuring Management Frame Protection (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  In the Rogue Policy tab, under the MFP Configuration section, check the Global MFP State check box and the AP Impersonation Detection check box to enable the global MFP state and AP impersonation detection, respectively.

Step 3  In the MFP Key Refresh Interval field, specify the refresh interval in hours.

Step 4  Click Apply.

Configuring Management Frame Protection (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps mfp

Example:

Device(config)# wireless wps mfp

Configures management frame protection.

Step 3

wireless wps mfp {ap-impersonation | key-refresh-interval}

Example:

Device(config)# wireless wps mfp ap-impersonation
Device(config)# wireless wps mfp key-refresh-interval

Configures AP impersonation detection or the MFP key refresh interval in hours.

key-refresh-interval: the MFP key refresh interval in hours. The valid range is 1 to 24. The default value is 24.

Step 4

end

Example:

Device(config)# end

Saves the configuration, exits configuration mode, and returns to privileged EXEC mode.

Verifying Management Frame Protection

Use the following command to verify whether the Management Frame Protection (MFP) feature is enabled:

Device# show wireless wps summary
Client Exclusion Policy
  Excessive 802.11-association failures    : unknown
  Excessive 802.11-authentication failures : unknown
  Excessive 802.1x-authentication          : unknown
  IP-theft                                 : unknown
  Excessive Web authentication failure     : unknown
  Failed Qos Policy                        : unknown
Management Frame Protection
  Global Infrastructure MFP state :
  AP Impersonation detection      : Disabled
  Key refresh interval            : 15

Use the following command to view the MFP details:

Device# show wireless wps mfp summary
Management Frame Protection
  Global Infrastructure MFP state : Enabled
  AP Impersonation detection      : Disabled
  Key refresh interval            : 15

Verifying Rogue Events

To verify the rogue event history, run the show wireless wps rogue ap detailed command:

Dispositivos # wluse wps desonesto AP Destalle Di8b1.901c.3cfdroguguge Evento HistorieTimestamp #Times Class/State Event CTX RC ----------------------- ---------------------------------------------.5D44.FEC0/2.36-> 40 01/2020 08: 25: 19.573720 247 VECES/CPEND Lrad_expire 7C21.0700/0 X004/30/2020 07: 37.977450 2 VECES/CPENPmf_contiinment -hut (pmfdetectect) 0x030/04/2020 07: 55: 37.977242 1 UNC/ALERT INIT_TIMER_DONE 0XAB9800439E00024F 0X004/30/2020 07: 52: 33.600332 1 UNK/init_timer_start 180s 0x004/20/2020 07 0720330:

Use the following command to verify impersonation detected due to authentication errors:

Device# show wireless wps rogue ap detailed bssid: 0062.8d30 last jehr roge roge ssid: roguea802.11w PMF required: noise rolled an imitator: yes rebel on the wire network: noClassification: MalignantManual included: NoState: threatRogue was reported for the first time: 01.07.2020 15: 51: 01 Time was reported: 01.08.2020 08:08:35 Number of customers: 0 registered with AP -Names: AP38ed.18ce.45E0 Address MAC: 38ed.18cf.83E0 Slot Detection -id: 0 Radio Type: DOT11g, DOT11N -2.4 GHz SSID: ROGUE -Canal: 6 (DS) Channel Width: 20 MHz RSI: -33 DBM SNR: 52 DB Short Propute:Disableth Security Policy: WPA2/WPA/FT Last time recorded by this AP: 08/01/2020 08:02:53Authentication Error Number: 237

Verifying Rogue Detection

This section describes the new commands for rogue detection.

The following commands can be used to verify rogue detection on the device.

Table 1. Verify Adhoc Rogue Information

Command | Purpose
show wireless wps rogue adhoc detailed mac_address | Displays the detailed information for an adhoc rogue.
show wireless wps rogue adhoc summary | Displays a list of all adhoc rogues.

Table 2. Verify Rogue AP Information

Command | Purpose
show wireless wps rogue ap clients mac_address | Displays the list of all rogue clients associated with a rogue.
show wireless wps rogue ap custom summary | Displays the custom rogue AP information.
show wireless wps rogue ap detailed mac_address | Displays the detailed information for a rogue.
show wireless wps rogue ap friendly summary | Displays the friendly rogue AP information.
show wireless wps rogue ap list mac_address | Displays the list of rogues detected by a given AP.
show wireless wps rogue ap malicious summary | Displays the malicious rogue AP information.
show wireless wps rogue ap summary | Displays a list of all rogues.
show wireless wps rogue ap unclassified summary | Displays the unclassified rogue AP information.

Table 3. Verify Rogue Auto-Containment Information

Command | Purpose
show wireless wps rogue auto-contain | Displays the rogue auto-containment information.

Table 4. Verify Classification Rule Information

Command | Purpose
show wireless wps rogue rule detailed rule_name | Displays the detailed information for a classification rule.
show wireless wps rogue rule summary | Displays the list of all rogue rules.

Table 5. Verify Rogue Statistics

Command | Purpose
show wireless wps rogue stats | Displays the rogue statistics.

Table 6. Verify Rogue Client Information

Command | Purpose
show wireless wps rogue client detailed mac_address | Displays detailed information for a rogue client.
show wireless wps rogue client summary | Displays a list of all rogue clients.

Table 7. Verify Rogue Ignore List

Command | Purpose
show wireless wps rogue ignore-list | Displays the rogue ignore list.

Examples: Rogue Detection Configuration

This example shows how to configure the minimum RSSI that a detected rogue AP must have for an entry to be created on the device:

Device# configure terminal
Device(config)# ap profile profile1
Device(config)# rogue detection min-rssi -100
Device(config)# end
Device# show wireless wps rogue client summary/show wireless wps rogue ap summary

This example shows how to configure the classification interval:

Device# configure terminal
Device(config)# ap profile profile1
Device(config)# rogue detection min-transient-time 500
Device(config)# end
Device# show wireless wps rogue client summary/show wireless wps rogue ap summary

Configuring Rogue Policies (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  In the Rogue Policy tab, use the Rogue Detection Security Level drop-down to select the security level.

Step 3  In the Expiration timeout for Rogue APs (seconds) field, enter the timeout value.

Step 4  Select the Validate Rogue Clients against AAA check box to validate rogue clients against the AAA server.

Step 5  Select the Validate Rogue APs against AAA check box to validate rogue access points against the AAA server.

Step 6  In the Rogue Polling Interval (seconds) field, enter the interval at which to poll the AAA server for rogue information.

Step 7  Select the Detect and Report Adhoc Networks check box to enable detection of rogue adhoc networks.

Step 8  In the Rogue Detection Client Number Threshold field, enter the threshold for generating an SNMP trap.

Step 9  In the Auto Contain section, enter the following details.

Step 10  Use the Auto Containment Level drop-down to select the level.

Step 11  Select the Auto Containment only for Monitor Mode APs check box to limit auto-containment to monitor mode APs only.

Step 12  Select the Rogue on Wire check box to limit auto-containment to rogue APs on the wire only.

Step 13  Select the Using our SSID check box to limit auto-containment to rogue APs that use one of the SSIDs configured on the controller.

Step 14  Select the Adhoc Rogue AP check box to limit auto-containment to adhoc rogue APs only.

Step 15  Click Apply.

Configuring Rogue Policies (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

Example:

Device(config)# wireless wps rogue security-level custom

Configures the rogue detection security level.

You can select critical for highly sensitive deployments, custom for a customizable security level, high for medium-scale deployments, and low for small-scale deployments.

Step 3

wireless wps rogue ap timeout number-of-seconds

Example:

Device(config)# wireless wps rogue ap timeout 250

Configures the expiration time for rogue entries, in seconds. The valid range for the time in seconds is 240 seconds to 3600 seconds.

Step 4

Example:

Device(config)# wireless wps rogue client aaa

Configures the use of AAA or the local database to detect valid MAC addresses.

Step 5

Example:

Device(config)# wireless wps rogue client mse

Configures the use of MSE to detect valid MAC addresses.

Step 6

wireless wps rogue client notify-min-rssi RSSI-threshold

Example:

Device(config)# wireless wps rogue client notify-min-rssi -128

Configures the minimum RSSI notification threshold for rogue clients.

Step 7

wireless wps rogue client notify-min-deviation RSSI-threshold

Example:

Device(config)# wireless wps rogue client notify-min-deviation 4

Configures the RSSI deviation notification threshold for rogue clients.

Step 8

wireless wps rogue ap aaa polling-interval AP-AAA-interval

Example:

Device(config)# wireless wps rogue ap aaa polling-interval 120

Configures the rogue AP AAA validation interval. The valid range for the AP AAA interval in seconds is 60 seconds to 86400 seconds.

Step 9

wireless wps rogue adhoc

Example:

Device(config)# wireless wps rogue adhoc

Enables detection and reporting of adhoc rogues (IBSS).

Step 10

wireless wps rogue client client-threshold threshold

Example:

Device(config)# wireless wps rogue client client-threshold 100

Configures the rogue client per rogue AP SNMP trap threshold. The valid range for the threshold is 0 to 256.

Rogue Location Discovery Protocol (RLDP)

Rogue Location Discovery Protocol

Rogue Location Discovery Protocol (RLDP) is an active approach that is used when the rogue AP has no authentication configured (open authentication). It instructs an active AP to connect to the rogue as a client. During this time, the active AP disconnects all connected clients and shuts down the radio interface. It then associates to the rogue AP as a client. The AP obtains an IP address from the rogue AP and forwards a User Datagram Protocol (UDP) packet (port 6352) that contains the local AP and rogue connection information to the controller through the rogue AP. If the controller receives this packet, the alarm is set to notify the network administrator that, with the RLDP feature, a rogue AP was discovered on the wired network.

The following are some guidelines for managing RLDP:

  • Rogue Location Discovery Protocol (RLDP) detects rogue access points that are configured for open authentication.

  • RLDP detects rogue access points that use a broadcast Basic Service Set Identifier (BSSID), that is, the access point broadcasts its Service Set Identifier in beacons.

  • RLDP detects only those rogue access points that are on the same network. If RLDP traffic from the rogue access point cannot reach the controller, RLDP does not work.

  • RLDP does not work on 5-GHz Dynamic Frequency Selection (DFS) channels.

  • If RLDP is enabled on mesh APs and the APs perform RLDP tasks, the mesh APs are dissociated from the controller.

  • If RLDP is enabled on non-monitor APs, client connectivity outages occur while RLDP is in progress.

The following steps describe how RLDP functions:

  1. Identify the closest Unified AP to the rogue using signal strength values.

  2. The AP then connects to the rogue as a WLAN client, attempting three associations before timing out.

  3. If the association is successful, the AP uses DHCP to obtain an IP address.

  4. If an IP address was obtained, the AP (acting as a WLAN client) sends a UDP packet to each of the controller's IP addresses.

  5. If the controller receives even one of the RLDP packets from the client, that rogue is marked as on-wire.

Note

RLDP packets cannot reach the controller if filtering rules are placed between the controller's network and the network where the rogue device is located.

The controller continuously monitors all nearby access points and automatically discovers and collects information on rogue access points and clients. When the controller discovers a rogue access point, it uses the Rogue Location Discovery Protocol (RLDP), if RLDP is enabled, to determine whether the rogue is attached to your network.

The controller initiates RLDP on rogue devices that have open authentication. If RLDP uses FlexConnect or local mode access points, clients are disconnected for that moment. After the RLDP cycle, the clients reconnect to the access points. As and when rogue access points are seen (auto-configuration), the RLDP process is initiated.

You can configure the controller to use RLDP on all access points or only on the access points configured for monitor mode. The latter option facilitates automated rogue access point detection in a crowded radio frequency (RF) space, allowing monitoring without creating unnecessary interference and without affecting regular data access point functionality. If you configure the controller to use RLDP on all access points, the controller always chooses the monitor access point for RLDP operation if a monitor access point and a local (data) access point are both nearby. If RLDP determines that the rogue is on your network, you can contain the detected rogue either manually or automatically.

RLDP detects the on-wire presence of rogue access points that are configured with open authentication only once, which is the default retry configuration. Retries can be configured using the wireless wps rogue ap rldp retries command.

You can initiate or trigger RLDP from the controller in three ways:

  1. Enter the RLDP initiation command manually from the controller CLI:

    wireless wps rogue ap mac-address mac-address rldp initiate

  2. Schedule RLDP from the controller CLI:

    wireless wps rogue ap rldp schedule

  3. Auto RLDP. You can configure auto RLDP on the controller from either the controller CLI or the GUI, but keep the following guidelines in mind:

    • The auto RLDP option can be configured only when the rogue detection security level is set to custom.

    • Either auto RLDP or RLDP scheduling can be enabled at a time.

Restrictions for RLDP

  • RLDP works only with open rogue APs that broadcast their SSID with authentication and encryption disabled.

  • RLDP requires that the managed AP acting as a client can obtain an IP address through DHCP on the rogue network.

  • Manual RLDP can be used to attempt an RLDP trace on a rogue multiple times.

  • During the RLDP process, the AP cannot serve clients. This negatively affects performance and connectivity for local mode APs. To avoid this, RLDP can be selectively enabled for monitor mode APs only.

  • RLDP does not attempt to connect to a rogue AP operating on a 5-GHz DFS channel.

  • RLDP is supported only on Cisco IOS APs.

Configuring RLDP for Generating Alarms (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  In the RLDP tab, use the Rogue Location Discovery Protocol drop-down to select one of the following options:

  1. Disable: Disables RLDP on all access points. Disable is the default option.

  2. All APs: Enables RLDP on all APs.

  3. Monitor Mode APs: Enables RLDP only on APs in monitor mode.

Note
The Schedule RLDP check box remains enabled only if the Disable option is selected. The Schedule RLDP check box is disabled when you select either the All APs option or the Monitor Mode APs option.

Step 3  In the Retry Count field, specify the number of retries that should be attempted. The allowed range is between 1 and 5.

Step 4  Click Apply.

Configuring an RLDP for Generating Alarms (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue ap rldp alarm-only [monitor-ap-only]

Example:

Device(config)# wireless wps rogue ap rldp alarm-only
Device(config)# wireless wps rogue ap rldp alarm-only monitor-ap-only

Enables RLDP to generate alarms. With this method, RLDP is always enabled.

The monitor-ap-only keyword is optional.

The command with just the alarm-only keyword enables RLDP without any restriction on the AP mode.

The command with the alarm-only monitor-ap-only keywords enables RLDP on monitor mode access points only.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can press Ctrl-Z to exit global configuration mode.

Configuring a Schedule for RLDP (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  In the RLDP tab, choose the following option from the Rogue Location Discovery Protocol drop-down list:

  • Disable (default): Disables RLDP on all access points.

Step 3  In the Retry Count field, specify the number of retries that should be attempted. The valid range is between 1 and 5.

Step 4  Check the Schedule RLDP check box and specify the days, the start time, and the end time for the process.

Step 5  Click Apply.

Configuring a Schedule for RLDP (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue ap rldp schedule day day start start-time end end-time

Example:

Device(config)# wireless wps rogue ap rldp schedule day Monday start 10:10:01 end 12:00:00

Enables RLDP based on a scheduled day, start time, and end time.

Here,

day is the day on which RLDP can be scheduled. The values are Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday.

start-time is the start time for scheduling RLDP for the day, in HH:MM:SS format.

end-time is the end time for scheduling RLDP for the day, in HH:MM:SS format.

Step 3

wireless wps rogue ap rldp schedule

Example:

Device(config)# wireless wps rogue ap rldp schedule

Enables the schedule.

Step 4

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can press Ctrl-Z to exit global configuration mode.

Configuring an RLDP for Auto-Contain (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  In the Rogue Policy tab, under the Auto Contain section, check the Rogue on Wire check box.

Step 3  Click Apply.

Configuring an RLDP for Auto-Contain (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue ap rldp auto-contain [monitor-ap-only]

Example:

Device(config)# wireless wps rogue ap rldp auto-contain
Device(config)# wireless wps rogue ap rldp auto-contain monitor-ap-only

Enables RLDP to perform auto-contain. With this method, RLDP is always enabled.

The monitor-ap-only keyword is optional.

The command with just the auto-contain keyword enables RLDP without any restriction on the AP mode.

The command with the auto-contain monitor-ap-only keywords enables RLDP on monitor mode access points only.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can press Ctrl-Z to exit global configuration mode.

Configuring RLDP Retry Times on Rogue Access Points (GUI)

Procedure

Step 1  Choose Configuration > Security > Wireless Protection Policies.

Step 2  On the Wireless Protection Policies page, click the RLDP tab.

Step 3  Enter the RLDP retry times on rogue access points in the Retry Count field.

The valid range is between 1 and 5.

Step 4  Save the configuration.

Configuring RLDP Retry Times on Rogue Access Points (CLI)

Procedure

Command or Action | Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue ap rldp retries num-entries

Example:

Device(config)# wireless wps rogue ap rldp retries

Enables RLDP retry times on rogue access points.

Here, num-entries is the number of RLDP retries for each of the rogue access points.

The valid range is 1 to 5.

Step 3

end

Example:

Device(config)# end

Returns to privileged EXEC mode. Alternatively, you can press Ctrl-Z to exit global configuration mode.
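
The following Python example, added here and not part of the Cisco documentation, checks a configuration snippet against the value ranges this chapter states and against the rule that automatic RLDP requires the custom security level. The command spellings, the treatment of alarm-only and auto-contain as the automatic RLDP options, and the sample configuration are assumptions of this example.

```python
import re

# Inclusive ranges as stated in this chapter. Command spellings are assumed
# IOS XE syntax (an assumption of this example); adapt them to your config.
RANGES = {
    "rogue detection min-rssi": (-128, -70),                    # dBm
    "rogue detection report-interval": (10, 300),               # seconds
    "wireless wps rogue ap timeout": (240, 3600),               # seconds
    "wireless wps rogue ap aaa polling-interval": (60, 86400),  # seconds
    "wireless wps rogue client client-threshold": (0, 256),
    "wireless wps rogue ap rldp retries": (1, 5),
    "wireless wps mfp key-refresh-interval": (1, 24),           # hours
}
# Treated here as the automatic RLDP options (assumption of this example).
RLDP_AUTO = ("wireless wps rogue ap rldp alarm-only",
             "wireless wps rogue ap rldp auto-contain")
PRESET_LEVELS = {"low", "high", "critical"}
NUMERIC = re.compile(r"^(?P<cmd>.+?)\s+(?P<val>-?\d+)$")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
wireless wps rogue security-level high
wireless wps rogue ap timeout 120
wireless wps rogue ap aaa polling-interval 120
wireless wps rogue client client-threshold 100
wireless wps rogue ap rldp alarm-only monitor-ap-only
wireless wps rogue ap rldp retries 7
wireless wps mfp key-refresh-interval 24
ap profile profile1
 rogue detection min-rssi -60
 rogue detection report-interval 120
!
rogue detection min-rssi -100
"""


def audit_rogue_config(config_text):
    """Return sorted (line_number, message) findings for a config snippet."""
    findings, rldp_lines = [], []
    level = "custom"   # user-defined level unless a preset is configured
    profile = None     # name of the AP profile block we are inside, if any
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # An unindented command ends any AP profile sub-mode.
            m = re.match(r"ap profile (\S+)$", line)
            profile = m.group(1) if m else None
        if line.startswith("wireless wps rogue security-level "):
            level = line.split()[-1]
        if line.startswith(RLDP_AUTO):
            rldp_lines.append(lineno)
        if line.startswith("rogue detection ") and profile is None:
            findings.append(
                (lineno, "rogue detection command outside an ap profile block"))
            continue
        m = NUMERIC.match(line)
        if m and m.group("cmd") in RANGES:
            low, high = RANGES[m.group("cmd")]
            value = int(m.group("val"))
            if not low <= value <= high:
                scope = f"ap profile {profile}" if profile else "global"
                findings.append(
                    (lineno, f"{scope}: '{m.group('cmd')}' value {value} "
                             f"is outside {low}..{high}"))
    if level in PRESET_LEVELS:
        # Automatic RLDP can be configured only at the custom security level.
        for lineno in rldp_lines:
            findings.append(
                (lineno, f"automatic RLDP configured while security-level "
                         f"is '{level}' (requires custom)"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in audit_rogue_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```
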

Verifying Rogue AP RLDP

The following commands can be used to verify rogue AP RLDP:

Table 8. Verify Rogue AP Information

Command | Purpose
show wireless wps rogue ap rldp detailed mac_address | Displays the RLDP details for a rogue AP.
show wireless wps rogue ap rldp in progress | Displays the list of in-progress RLDP.
show wireless wps rogue ap rldp summary | Displays the summary of RLDP scheduling information.

Rogue Detection Security Level

The rogue detection security level configuration allows you to set the rogue detection parameters.

The available security levels are:

  • Critical: Basic rogue detection for highly sensitive deployments.

  • High: Basic rogue detection for medium-scale deployments.

  • Low: Basic rogue detection for small-scale deployments.

  • Custom (user defined): Default security level, where all detection parameters can be configured.

Note

At the Critical, High, or Low level, parameters are fixed and cannot be configured.

The following table shows parameter details for the three predefined levels:

Table 9. Rogue Detection: Predefined Levels

Parameter | Critical | High | Low
Cleanup Timer | 3600 | 1200 | 240
AAA Validate Clients | Disabled | Disabled | Disabled
Adhoc Reporting | Enabled | Enabled | Enabled
Monitor-Mode Report Interval | 10 seconds | 30 seconds | 60 seconds
Minimum RSSI | -128 dBm | -80 dBm | -80 dBm
Transient Interval | 600 seconds | 300 seconds | 120 seconds
Auto Contain (works only on monitor mode APs) | Disabled | Disabled | Disabled
Auto Contain Level | 1 | 1 | 1
Auto Contain Same-SSID | Disabled | Disabled | Disabled
Auto Contain Valid Clients on Rogue AP | Disabled | Disabled | Disabled
Auto Contain Adhoc | Disabled | Disabled | Disabled
Containment Auto-Rate | Enabled | Enabled | Enabled
Validate Clients with CMX | Enabled | Enabled | Enabled
Containment FlexConnect | Enabled | Enabled | Enabled
RLDP | Monitor-AP if RLDP scheduling is disabled | Monitor-AP if RLDP scheduling is disabled | Disabled
Auto Contain RLDP | Disabled | Disabled | Disabled

Setting Rogue Detection Security Levels

Follow the procedure below to set the rogue detection security level:

Procedure

Command or Action / Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless wps rogue security-level custom

Example:

Device(config)# wireless wps rogue security-level custom

Configures the rogue detection security level as custom.

Step 3

wireless wps rogue security-level low

Example:

Device(config)# wireless wps rogue security-level low

Configures the rogue detection security level for basic rogue detection in small-scale deployments.

Step 4

wireless wps rogue security-level high

Example:

Device(config)# wireless wps rogue security-level high

Configures the rogue detection security level for rogue detection in medium-scale deployments.

Step 5

wireless wps rogue security-level critical

Example:

Device(config)# wireless wps rogue security-level critical

Configures the rogue detection security level for rogue detection in highly sensitive deployments.

Wireless Service Assurance Rogue Events

Wireless Service Assurance (WSA) rogue events, supported in Release 16.12.x and later releases, consist of telemetry notifications for a subset of SNMP traps.

For all exported events, the following details are provided to the Wireless Service Assurance (WSA) infrastructure:

  • MAC address of the rogue AP

  • Details of the managed AP and the radio that detected the rogue AP with the strongest RSSI

  • Event-specific data such as SSID, channel for potential honeypot events, and MAC address of the impersonating AP for impersonation events

The WSA rogue events feature can scale up to four times the maximum number of supported APs and half the maximum number of supported clients.

WSA rogue events are supported by Cisco DNA Center and other third-party infrastructure.

Procedure

Command or Action / Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

network-assurance enable

Example:

Device(config)# network-assurance enable

Enables wireless service assurance.

Step 3

wireless wps rogue network-assurance enable

Example:

Device(config)# wireless wps rogue network-assurance enable

Enables wireless service assurance for rogue devices. This ensures that WSA rogue events are sent to the event queue.

Monitoring Wireless Service Assurance Rogue Events

Procedure

  • show wireless wps rogue stats

    Example:

    Device# show wireless wps rogue stats
    WSA Events
      Total WSA Events Triggered          : 9
        ROGUE_POTENTIAL_HONEYPOT_DETECTED : 2
        ROGUE_POTENTIAL_HONEYPOT_CLEARED  : 3
        ROGUE_AP_IMPERSONATION_DETECTED   : 4
      Total WSA Events Enqueued           : 6

    In this example, nine events were triggered, but only six of them were enqueued. This happens because three events were triggered before the WSA rogue feature was enabled.

  • show wireless wps rogue stats internal

    show wireless wps rogue ap detailed rogue-ap-mac-addr

    These commands show information about WSA events in the event history.
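The triggered-versus-enqueued comparison described above can be automated when the controller is polled by a monitoring job. The following is an added example, not Cisco code: it assumes the WSA section of the show wireless wps rogue stats output is laid out as in the constructed sample, and the function names and per-event enqueued counts are hypothetical.

```python
import re

# Constructed sample in the layout assumed for the WSA section of
# `show wireless wps rogue stats`; the per-event enqueued counts are invented.
SAMPLE = """\
WSA Events
  Total WSA Events Triggered            : 9
    ROGUE_POTENTIAL_HONEYPOT_DETECTED   : 2
    ROGUE_POTENTIAL_HONEYPOT_CLEARED    : 3
    ROGUE_AP_IMPERSONATION_DETECTED     : 4
  Total WSA Events Enqueued             : 6
    ROGUE_POTENTIAL_HONEYPOT_DETECTED   : 1
    ROGUE_POTENTIAL_HONEYPOT_CLEARED    : 2
    ROGUE_AP_IMPERSONATION_DETECTED     : 3
"""

LINE = re.compile(r"^\s*(?P<key>[A-Za-z_ ]+?)\s*:\s*(?P<val>\d+)\s*$")
TOTAL = re.compile(r"^Total WSA Events (Triggered|Enqueued)$", re.I)


def parse_wsa_stats(text):
    """Return {'triggered': {...}, 'enqueued': {...}}, each with a 'total' key."""
    stats = {"triggered": {}, "enqueued": {}}
    section = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # headings, blank lines, unrelated output
        key, val = m["key"].strip(), int(m["val"])
        t = TOTAL.match(key)
        if t:
            section = t.group(1).lower()
            stats[section]["total"] = val
        elif section:
            stats[section][key.upper()] = val
    return stats


def wsa_gaps(stats):
    """Events triggered but not enqueued, per counter, plus any total/sum mismatch."""
    trig, enq = stats["triggered"], stats["enqueued"]
    gaps = {k: v - enq.get(k, 0) for k, v in trig.items()}
    for name, sec in (("triggered", trig), ("enqueued", enq)):
        parts = sum(v for k, v in sec.items() if k != "total")
        if parts and parts != sec.get("total", parts):
            gaps[f"{name}_sum_mismatch"] = sec["total"] - parts
    return {k: v for k, v in gaps.items() if v}
```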

Article information

Author: Sen. Emmett Berge

Last Updated: 03/18/2023
