ap-detection
Enables the detection of unauthorized or unsanctioned APs.
Unauthorized APs are untrusted access points connected to an access point managed network.
These untrusted APs accept wireless client associations. It is important to detect such
rogue APs and declare them unauthorized. Rogue AP detection is disabled by
default.
Supported on the following devices:
- Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502,
AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543,
AP8533.
- Service Platforms:
NX5500, NX7500, NX9500, NX9600
- Virtual Platforms: CX9000, VX9000
Syntax
ap-detection {ageout|air-termination|interferer-threshold|recurring-event-interval|wait-time}
ap-detection {ageout <30-86400>|interferer-threshold <-100--10>|recurring-event-interval <0-10000>|
wait-time <10-600>}
ap-detection air-termination {allow-channel-switch|mode [auto|manual]}
Parameters
ap-detection {ageout <30-86400>|interferer-threshold <-100--10>|recurring-event-interval <0-10000>|
wait-time <10-600>}
| ap-detection |
Enables detection of unauthorized or unsanctioned
APs |
| ageout <30-86400> |
Optional. Configures the unauthorized AP ageout
interval. The WIPS policy uses this value to ageout unauthorized APs.
- <30-86400> – Sets an ageout interval from 30 -
86400 seconds. The default is 5 minutes (300 seconds).
|
| recurring-event-interval <0-10000> |
Configures recurring event interval help of
unauthorized APs
- <0-10000> – Configures the recurring interval
between 0 - 10000 seconds. The default is 300 seconds.
|
| interferer-threshold <-100--10> |
Configures RSSI threshold value to determine if
an unsanctioned ap is an interferer or not
- <-100--10> – Configures the rssi threshold between -100 - -10 dBm.
The default is -75 dBm.
|
| wait-time <10-600> |
Optional. Configures the wait time before a
detected AP is declared as unauthorized and potentially removed
- <10-600> – Sets a wait time from 10 - 600 seconds. The default is
1 minute (60 seconds).
|
ap-detection air-termination {allow-channel-switch|mode [auto|manual]}
| ap-detection |
Enables detection of unauthorized or unsanctioned APs |
| air-termination {allow-channel-switch| mode [auto|manual]} |
Enables air termination of unauthorized APs. This option is disabled by
default.
- allow-channel-switch – Optional. Allows channel switch of
unauthorized APs based on the channel mode. This option is disabled by
default.
- mode [auto|manual] – Optional. Select the mode as
auto or manual to configure. The
default setting is manual.
|
Examples
nx9500-6C8809(config-wips-policy-test)#ap-detection wait-time 15
nx9500-6C8809(config-wips-policy-test)#ap-detection age-out 50
nx9500-6C8809(config-wips-policy-test)#show context
wips-policy test
ap-detection-age-out 50
ap-detection-wait-time 15
nx9500-6C8809(config-wips-policy-test)#
nx9500-6C8809(config-wips-policy-test2)#ap-detection recurring-event-interval 10
nx9500-6C8809(config-wips-policy-test2)#show context
wips-policy test2
ap-detection recurring-event-interval 10
nx9500-6C8809(config-wips-policy-test2)#
