Device Categorization

About this task

A proper classification and categorization of access points and clients can help suppress unnecessary unauthorized access point alarms, and allow an administrator to focus on alarms on devices actually behaving in a suspicious manner. An intruder with a device erroneously authorized could potentially perform activities that harm your organization.

Authorized access points and clients are generally known to you and conform with your organization‘s security policies. Unauthorized devices are those detected as interoperating within the network, but have not been approved. These devices should be filtered to avoid jeopardizing the data managed by the access point and its connected clients. Use the Device Categorization screen to apply neighboring and sanctioned (approved) filters on peer access points operating in this access point‘s radio coverage area. Detected client MAC addresses can also be filtered based on their classification in this access point‘s coverage area.

To categorize access points and clients as authorized or unauthorized:

Procedure

  1. Select ConfigurationSecurityDevice Configuration to display existing device categorization policies.
    The Device Categorization screen lists the device authorizations defined thus far.
    Click to expand in new window
    Device Categorization screen
    GUID-825677EA-6574-41BD-944E-8C0E230E5A4A-low.png
  2. Select Add to create a new Device Categorization policy, Edit to modify the attributes of a selected policy or Delete to remove obsolete policies from the list of those available.
    Click to expand in new window
    Device Categorization Screen - Marked Devices
    GUID-CA757FC2-1F9C-4474-B505-1F901273CF06-low.png
  3. If you are creating a new Device Categorization filter, give it a Name (up to 32 characters).
    Select OK to save the name and enable the remaining device categorization parameters.
  4. Select + Add Row to populate the Marked Devices field with parameters for classifying an access point or client and defining the target device‘s MAC address and SSID.
    Select the red (-) Delete Row icon as needed to remove an individual table entry.
  5. Refer to Thresholds field to set the thresholds used as filtering criteria.
    Index Use the spinner control to designate a index value to this entry. Use a value in the range 1 - 1000.
    Classification Use the drop-down menu to designate the target device as either Sanctioned or Neighboring.
    Device Type Use the drop-down menu to designate the target device as either an access point or client.
    MAC Address Enter the factory coded MAC address of the target device. This address is hard coded by the device manufacturer and cannot be modified. This MAC address is defined as authorized or unauthorized as part of the device categorization process.
    SSID Enter the SSID of the target device requiring categorization. The SSID cannot exceed 32 characters.
  6. Select OK to save the updates to the Marked Devices list.
    Select Reset to revert to the last saved configuration.