
How to optimize WIDS


administrator

Post time 2017-4-26 15:13:33
How to optimize WIDS when the Rogue Device Detection and containment does not work as well as expected?

administrator

Author | Post time 2017-4-26 15:14:04
1. Countermeasure in the same channel
When the containment effect is not as good as expected, check whether the rogue AP and the WIDS AP use the same channel. If not, configure them to use the same channel or specify a scanning channel (in ap-config mode, run scan-channels 802.11b channels NUM1 NUM2…), and enable containment on the specified channel (in ap-config mode, run countermeasures channel-match).

2. Containment interval
The containment interval can be shortened (by default, containment is performed once every 1 s). In ap-config mode, run countermeasures interval 100 to set the containment interval to 100 ms.

3. Unicast containment
If the containment effect is not obvious, enable unicast containment. In WIDS mode, run device unknown-sta dynamic-enable. Run show wids unknown-sta to check whether any STA-MAC to be contained has been learnt. You can also manually configure the STA-MAC to be contained (device unknown-sta mac-address H.H.H). When unknown STA learning is enabled, the AP learns the adjacent terminals. In contain mode, the contain packets are sent to the STAs using the bssid of the rogue AP. However, certain STAs can process the contain packets sent from the non-associated bssid, and packet loss or an offline state may occur. Therefore, exercise caution when you use this function.

4. Maximum number of contained APs
By default, the device can contain up to 30 rogue APs. If more than 30 rogue APs need to be contained, the maximum number of contained APs should be increased. In ap-config mode, you can run countermeasures ap-max NUM (NUM ranges from 1 to 256) to set the maximum number of contained APs.

5. Minimum signal strength for containment
When the contain mode is set to Rogue, by default, a rogue AP with a signal strength higher than 25 dBm is contained. To contain an AP with RSSI smaller than 25 dBm, you can configure countermeasures rssi-min NUM (NUM ranges from 0 to 75, and the corresponding negative RSSI ranges from –95 to –20) in ap-config mode. In Rogue mode, the AP contains all APs not on the friendly list. Therefore, exercise caution when you use this function.
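The five tuning points in the post above can be checked against a site survey before anything is typed into ap-config mode. The following is an added example, not part of the original post or the vendor's tooling: a small planner that takes APs already classified as rogue and returns which of the post's commands are needed. The names RogueAP, rssi_num and plan, the sample survey, the linear NUM-to-dBm mapping, and reading the default of 25 as the rssi-min NUM value are all assumptions.

```python
from dataclasses import dataclass

DEFAULT_AP_MAX = 30    # post: up to 30 rogue APs are contained by default
MAX_AP_MAX = 256       # post: ap-max NUM ranges from 1 to 256
DEFAULT_RSSI_NUM = 25  # ASSUMPTION: the post's default "25" read as the rssi-min NUM value

@dataclass(frozen=True)
class RogueAP:
    bssid: str
    channel: int
    rssi_dbm: int

def rssi_num(dbm: int) -> int:
    """ASSUMPTION: linear map from the post's ranges, NUM 0..75 <-> -95..-20 dBm."""
    return max(0, min(75, dbm + 95))

def plan(rogues, wids_channel, interval_ms=None):
    """Return (ap-config commands from the post, operator notes) for a survey."""
    cmds, notes = [], []
    if not rogues:
        return cmds, notes
    channels = sorted({r.channel for r in rogues})
    if any(not 1 <= c <= 14 for c in channels):
        notes.append("non-2.4 GHz channels seen; the post only shows the 802.11b form")
        channels = [c for c in channels if 1 <= c <= 14]
    if any(c != wids_channel for c in channels):   # step 1: channel mismatch
        cmds.append("scan-channels 802.11b channels " + " ".join(map(str, channels)))
        cmds.append("countermeasures channel-match")
    if interval_ms is not None:                    # step 2: shorter interval
        cmds.append(f"countermeasures interval {interval_ms}")
    if len(rogues) > DEFAULT_AP_MAX:               # step 4: raise the cap
        cmds.append(f"countermeasures ap-max {min(len(rogues), MAX_AP_MAX)}")
        if len(rogues) > MAX_AP_MAX:
            notes.append("more rogue APs than ap-max allows; some stay uncontained")
    weakest = rssi_num(min(r.rssi_dbm for r in rogues))
    if weakest < DEFAULT_RSSI_NUM:                 # step 5: lower the threshold
        cmds.append(f"countermeasures rssi-min {weakest}")
        notes.append("Rogue mode contains every AP not on the friendly list; verify that list first")
    return cmds, notes

# Constructed survey: BSSIDs, channels and RSSI values are made up for illustration.
SAMPLE = [
    RogueAP("02:00:00:00:00:01", 1, -60),
    RogueAP("02:00:00:00:00:02", 6, -80),
    RogueAP("02:00:00:00:00:03", 11, -72),
]

if __name__ == "__main__":
    for line in plan(SAMPLE, wids_channel=6)[0]:
        print(line)
```

Unicast containment (step 3) is left out on purpose, since the post itself warns that it can cause packet loss on STAs.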

Post time 2017-8-8 10:59:29
Good.......