
    Creating and Managing RF Detection Profiles

    In addition to sending and receiving data, radios provide RF detection, locating and tracking other electronic device signals on the network. When active scan is enabled in a Radio profile, the radios with an RF Detection profile actively scan other channels in addition to the data channel that is currently in use. Active scan operates on both enabled radios and disabled radios. For more information about scanning, see Understanding Wireless Scanning.

    Tip: A radio in sentry mode is a dedicated scanner (no data transmission) providing better RF detection because the radio spends more time scanning each channel.

    You must indicate how to classify the information gathered—to do this in Network Director, you create RF Detection profiles. You can set rules for devices to be classified as rogues, blacklisted devices, SSIDs, and friendly neighbor devices. You can also specifically add a device to the Rogues list, Black List, SSID list, or Neighbor list to classify the device yourself.

    Managing RF Detection Profiles

    From the Manage RF Detection page, you can:

    • Create a new RF Detection profile by clicking Add. For directions, see Creating an RF Detection Profile.
    • Modify an existing RF Detection profile by selecting it and clicking Edit.
    • Assign an RF Detection profile to access points by selecting the profile and clicking Assign. For directions, see Assigning RF Detection Profiles to Controllers.
    • Edit an existing RF Detection profile by selecting it and clicking Edit Assignment.
    • Delete an RF Detection profile by selecting the site name and clicking Delete.

      Tip: You cannot delete a profile that is in use. To see the current state of a profile, select the site name and click Details.

    • Clone an RF Detection profile by selecting a profile and clicking Clone.

    Table 1 describes the information provided about RF Detection profiles on the Manage Switching profiles page. This page lists all RF Detection profiles defined for your network, regardless of the scope you selected in the network view.

    Table 1: RF Detection Profile Information

    | Field | Description |
    |---|---|
    | Profile Name | Unique name, assigned when the profile was created, that identifies the profile. |
    | WLA Signature Enabled | Access points’ WLA signatures can be disabled or enabled. When a WLA signature is enabled, MSS can detect attempts to spoof management packets from the access point. |
    | WLA Signature | Access points’ WLA signatures are a set of bits in a management frame sent by a WLA as an identifier to MSS. |
    | Dynamic Blacklist Timeout Enabled | Are devices automatically removed from the black list after a certain period of time? Enabled means they are automatically removed at some point, while disabled means they are never automatically removed. |
    | Dynamic Blacklist Timeout | When a dynamic (automatic) blacklist has a timeout parameter for length of time on a black list, this value indicates the number of seconds before a device is removed from the black list. |
    | Assignment State | Displays the assignment state of the profile. A profile can be: Unassigned, when the profile is not assigned to any object; Deployed, when the profile is assigned and is deployed from Deploy mode; Pending Deployment, when the profile is assigned, but not yet deployed in the network. |
    | Creation Time | Date and time when the profile was created. |
    | Last Updated Time | Date and time when the profile was last modified. |
    | User Name | The username of the person who created or modified the profile. |

    Creating an RF Detection Profile

    To create an RF Detection profile for wireless devices, follow these steps:

    1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

      Tip: Do not select Dashboard View, Datacenter View, or Topology View.

    2. Click in the Network Director banner.
    3. In the Tasks pane, expand Wireless, expand Profiles, and then click RF Detection.

      The Manage RF Detection Profiles page appears, displaying the list of currently configured RF Detection profiles.

    4. Click Add on the Manage RF Detection Profiles page.

      The Create RF Detection Profile page opens.

    5. On the Create RF Detection Profile for Wireless page, provide the rule settings and individual configurations listed in Specifying RF Detection Profile Classification Settings.
    6. Click Done.

      The Create RF Detection Profile page closes and the RF Detection profile is added to the list on the Manage RF Detection Profiles page.

    Specifying RF Detection Profile Classification Settings

    Specify the RF Classification settings described in Table 2.

    Table 2: RF Detection Settings

    | Field | Description |
    |---|---|
    | Profile Name | Type a unique name, up to 32 characters, that identifies the profile. Profile names must not contain special characters or spaces. Note that profiles automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character. |
    | Description | Type up to 256 characters. |
    | WLA Signature (disabled by default) | An access point’s WLA signature, a set of bits in a management frame sent by an access point as an identifier to MSS, can be disabled or enabled. When WLA signature is enabled, MSS can detect attempts to spoof management packets from the access point. |
    | Dynamic Blacklist Timeout (enabled by default) | Number of seconds that a blacklisted client stays on the black list. The default is 300 seconds. |
    | RF Classification Rules | Expand RF Classification Rules to see these settings. Eight RF classification rules interpret data gathered by RF detection, and then classify detected devices according to the rules. Some rules cannot be changed—for example, a device recognized as a rogue is also classified as a rogue. However, about half of the rules have options—for example, if a device is recognized as ad-hoc (not using an access point), you can elect to ignore it or to classify it as a rogue. To make changes to the rules, expand this RF Classification Rules section. Note: Any individual classification you do takes precedence over the rules. For more information about classification of RF data, see |
    | Device is on rogue list | Rule: Classify as Rogue. Rule cannot be altered. For more information about rogue devices, see Understanding Rogue Clients. |
    | AP is part of Mobility Domain | Rule: Classify as Member. Rule cannot be altered. |
    | Device is on Neighbor list | Rule: Classify as Neighbor. Rule cannot be altered. For more information about mobility domains, see Understanding Mobility Domains. |
    | SSID is not in your network | Rule: Classify as Neighbor. Rule cannot be altered. |
    | SSID has been determined to be an SSID Masquerade. | Rule: Select either Classify as Rogue or Skip Test Classification (ignore). For an explanation of this situation, see Understanding an SSID Masquerade. |
    | Client Destination (DST) MAC address has been seen in the network | Rule: Select either Classify as Rogue or Skip Test Classification (ignore). |
    | Device is on ad-hoc device list. | Rule: Select either Classify as Rogue or Skip Test Classification (ignore). For an explanation of this situation, see Understanding Ad-Hoc Networks. |
    | When no other classification has been made, use this Default rule. | Rule: Select either Classify as Suspect, Classify as Rogue or Skip Test Classification (ignore). |

    RF Classification Parameters: Classify Devices as Rogues

    You can define any device, by indicating its MAC address, as a rogue. This individual classification takes precedence over any classification done by the rules.

    Task: Add a rogue device to the Rogues List

    1. Click Add under Rogues.

      The Create Rogue Device Entry window opens.

    2. Enter a MAC address in the Create Rogue Device Entry window.
    3. Click OK.

      The Create Rogue Device Entry window closes and the MAC address now appears in the MAC Address list under Rogues.

    RF Classification Parameters: Blacklist Devices

    You can blacklist any device, by indicating its MAC address. This individual classification takes precedence over any classification done by the rules.

    Task: Blacklist a device.

    1. Click Add under Black List.

      The Create Black List Entry window opens.

    2. Enter a MAC address in the Create Black List Entry window.
    3. Click OK.

      The Create Black List Entry window closes and the MAC address now appears in the MAC Address list under Black List.

    RF Classification Parameters: Classify SSID as Known

    You can define any detected SSID as known. This individual classification takes precedence over any classification done by the rules.

    Task: Add an SSID to the Known SSIDs list

    1. Click Add under SSIDs.

      The Create Known SSID Entry window opens.

    2. Type the name of the SSID in the Create Known SSID Entry window.
    3. Click OK.

      The Create Known SSID Entry window closes and the SSID now appears in the SSID list under SSIDs.

    RF Classification Parameters: Classify Devices as Neighbors

    You can define any device, by indicating its MAC address, as a neighbor. You can also define devices from any vendor as neighbors by using the Vendor OUI. This classification takes precedence over any classification done by the rules.

    Task: Add a friendly device to the Neighbors List

    1. Click Add under Neighbors.

      The Create Neighbor Device Entry window opens.

    2. Enter a MAC address in the Create Neighbor Device Entry window. The address is six bytes (xx:xx:xx:xx:xx:xx) for a device, or it can refer to a Vendor OUI, in which case it is 3 bytes (xx:xx:xx).
    3. Click OK.

      The Create Neighbor Device Entry window closes and the MAC address now appears in the MAC Address list under Neighbors.
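
The eight classification rules and the Neighbors entry format (full MAC or Vendor OUI) described above can be modeled as a first-match rule chain. This is an added example, not Juniper or Network Director code. It assumes the rules are evaluated in the order the table lists them, that Skip Test Classification falls through to the next rule, and that the Known SSIDs list defines which SSIDs are in your network; all function names and dictionary keys are hypothetical.

```python
import re

# Classification labels; SKIP stands for "Skip Test Classification (ignore)".
ROGUE, MEMBER, NEIGHBOR, SUSPECT, SKIP = "Rogue", "Member", "Neighbor", "Suspect", "Skip"
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")   # six bytes
OUI_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){2}")   # three bytes (Vendor OUI)

def normalize(entry, allow_oui=False):
    """Validate a list entry: a 6-byte MAC, or (Neighbors only) a 3-byte Vendor OUI."""
    e = entry.strip().lower()
    if MAC_RE.fullmatch(e) or (allow_oui and OUI_RE.fullmatch(e)):
        return e
    raise ValueError(f"not a valid MAC/OUI entry: {entry!r}")

def on_list(mac, entries):
    """True if mac equals a full-MAC entry or begins with an OUI entry."""
    mac = normalize(mac)
    return any(mac == e or (len(e) == 8 and mac.startswith(e + ":")) for e in entries)

def classify(obs, profile):
    """Return (classification, matched rule) for one detected device."""
    rules = [  # (rule, condition met?, action); order follows the table (assumption)
        ("on rogue list", on_list(obs["mac"], profile["rogues"]), ROGUE),
        ("AP in Mobility Domain", obs.get("in_mobility_domain", False), MEMBER),
        ("on Neighbor list", on_list(obs["mac"], profile["neighbors"]), NEIGHBOR),
        ("SSID not in network", obs["ssid"] not in profile["known_ssids"], NEIGHBOR),
        ("SSID masquerade", obs.get("masquerade", False), profile["masquerade_action"]),
        ("client DST MAC seen", obs.get("dst_mac_seen", False), profile["dst_mac_action"]),
        ("on ad-hoc list", obs.get("ad_hoc", False), profile["ad_hoc_action"]),
    ]
    for name, matched, action in rules:
        if matched and action != SKIP:   # a skipped test falls through (assumption)
            return action, name
    return profile["default_action"], "default"

# Constructed sample profile (values are not from the page).
PROFILE = {
    "rogues": [normalize("00:11:22:33:44:55")],
    "neighbors": [normalize("AA:BB:CC", allow_oui=True)],
    "known_ssids": {"corp-wifi"},
    "masquerade_action": ROGUE, "dst_mac_action": SKIP,
    "ad_hoc_action": ROGUE, "default_action": SUSPECT,
}
```

With this profile, a device advertising `corp-wifi` that is flagged as a masquerade is classified as Rogue, while one flagged only for a seen DST MAC falls through to the Default rule because that test is set to skip.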

    What To Do Next

    Assign the RF Detection Filter profile to an access point following the directions in Assigning RF Detection Profiles to Controllers.

     
     

    Modified: 2017-04-20