Configure a Device Categorization Policy

About this task

Having devices properly classified can help suppress unnecessary unsanctioned alarms. It allows an administrator to focus on the alarms and devices that are causing issues. An intruder with a device erroneously authorized could potentially perform activities that can harm your organization while appearing to be legitimate. Device categorization policy enables devices to be categorized as access points or wireless clients, then defined as sanctioned or unsanctioned within the network.

Sanctioned access points and wireless clients conform with the organization‘s security policies. Unsanctioned devices interoperate within the managed network, but are not approved. These devices should be filtered to avoid jeopardizing data.

Procedure

  1. Select Policies > Device Categorization.
    The Device Categorization list displays the authorization policies defined thus far.
  2. Select to create a new policy or to edit an existing policy.
  3. For new policy, provide a unique policy name not exceeding 64 characters.
  4. Select Add.
    The Marked Devices Details dashboard opens.
  5. Select Add to configure marked devices settings:
    Setting Description
    Index Use the spinner controls to set the Index number for each Device Categorization Name. The default setting is 1
    Classification Use the drop-down list box to designate the target device as either sanctioned (True) or neighboring (False)
    Device Type Use the drop-down list box to designate the target device as either an access point or wireless client
    MAC Address Type the factory coded MAC address of the target device. This address is hard coded by the device manufacturer and cannot be modified. The MAC address will be defined as sanctioned or unsanctioned as part of the device categorization process
    SSID Type the SSID of the target device requiring categorization. The SSID cannot exceed 32 characters
  6. Select Add to update Marked Devices settings.