470 CHAPTER 18: DETECTING AND COMBATTING ROGUE DEVICESRogue DetectionRequirementsRogue detection in 3WXM has the following requirements. The Enable Rogue Detection option must be selected on theMonitoring Settings section of the 3WXM Services Setup dialog. (See“Changing Monitoring Settings” on page 510.) To use countermeasures, they must be enabled. You can enable themon an individual radio profile basis. (See “Viewing and ConfiguringRadio Profiles” on page 272.) SNMP notifications must be enabled on the WX switches. Table 34lists the notification types related to RF detection. The notificationtypes for Intrusion Detection System (IDS) and Denial of Service (DoS)protection are also listed. (To enable notifications on a switch, see“Configuring SNMP” on page 196.)Table 34 SNMP Notifications for RF DetectionNotification Type DescriptionRogue detection notificationsRogueDetect Indicates that MSS has detected a rogue AP.RFDetectRougeDisappear Indicates that MSS is no longer detecting apreviously detected rogue AP.RFDetectInterferingRogueAP Indicates that MSS has detected an interferingdevice.RFDetectInterferingRogueDisappear Indicates that MSS is no longer detecting apreviously detected interfering device.RFDetectAdHocUser Indicates that MSS has detected an ad-hocuser.RFDetectUnAuthorizedSSID Indicates that MSS has detected an SSID thatis not on the permitted SSID list.RFDetectUnAuthorizedOUI Indicates that MSS has detected a wirelessdevice that is not on the list of permittedvendors.RFDetectUnAuthorizedAP Indicates that MSS has detected the MACaddress of an AP that is on the attack list.IDS/DoS notificationsFor more information about IDS/DoS, see the “IDS and DoS Alerts” section in the“Rogue Detection and Countermeasures” chapter of the Wireless LAN Switch andController Configuration Guide.CounterMeasureStart Indicates that MSS has beguncountermeasures against a rogue AP.
