RingMaster Management Guide - Juniper Networks

More documents

Recommendations

Info

Table 1– 1. SNMP Notifications for RF Detection (continued) Notification Type Description RFDetectSpoofedSSIDAP RFDetectDoS RFDetectDoSPort RFDetectClientViaRogueWir edAP Mobility Domain Requirement RF Detection requires a Mobility Domain to be available. If no Mobility Domain is operational — not all members are up — no new RF Detection data is processed. Existing RF Detection information ages normally. Processing of RF Detection data is resumed when all members of a Mobility Domain are up. If a seed MX in a Mobility Domain cannot resume full operation, you can restore the Mobility Domain to full operation, and therefore resume RF Detection data processing, by removing inoperative MXs from the member list on the seed. Rogue Detection Lists MSS has detected beacon frames for a valid SSID, but sent by a rogue AP. MSS has detected a DoS attack other than an associate request flood, reassociate request flood, or disassociate request flood. MSS has detected an associate request flood, reassociate request flood, or disassociate request flood. MSS has detected, on the wired part of the network, the MAC address of a wireless client associated with a third-party AP. Rogue detection lists specify third-party devices and SSIDs that MSS allows on a network, and devices MSS classifies as rogues. You can configure the following rogue detection lists: ❑ Permitted SSID list — A list of SSIDs allowed in the Mobility Domain. MSS generates a message if an SSID not on the list is detected. ❑ Permitted vendor list — A list of the wireless networking equipment vendors whose equipment is allowed on the network. RingMaster identifies the vendor using the Organizationally Unique Identifier (OUI) The OUI is the first three bytes of the MAC address of the equipment. MSS generates a message if an AP or wireless client with an OUI that is not on the list is detected. ❑ Rogue list — A list of AP MAC addresses to attack whenever they are present on the network. ❑ Client black list — A list of MAC addresses of wireless clients who are not allowed on the network. MSS prevents clients on the list from accessing the network through an MX. If the client is placed on the black list dynamically by MSS due to an association, reassociation or disassociation flood, MSS generates a log message. ❑ Ignore list — A list of third-party devices that you want to exempt from rogue detection. MSS does not count devices on the ignore list as rogues or interfering devices, and does not issue countermeasures against them. An empty permitted SSID list or permitted vendor list implicitly allows all SSIDs and vendors. When you add an entry to the SSID or vendor list, SSIDs or vendors not in the list are disallowed. An empty client black list allows all clients, and an empty ignore list considers all third-party wireless devices to be potential rogues. All lists except the black list require manual configuration. You can configure entries in the black list, and MSS can place a client in the black list, due to an association, reassociation, or disassociation flood from a client. The rogue classification algorithm examines each of these lists when determining if a device is a rogue. Figure 1–1 shows how the rogue detection algorithm uses lists. 140 Detecting Rogue Devices Copyright © 2011, Juniper Networks, Inc.
Figure 1–1. Rogue Detection Algorithm MP radio detects wireless packet. Source MAC in Ignore List? No SSID in Permitted SSID List? No Yes Yes Device is not a threat. OUI in Permitted Vendor List? Detecting Rogue Devices Copyright © 2011, Juniper Networks, Inc. Detecting Rogue Devices 141 Yes Source MAC in Rogue List? No Rogue classification algorithm deems the device to be a rogue? Using Fault Management to Locate a Rogue No No Yes Yes Generate an alarm. Classify device as a rogue. Issue countermeasures (if enabled). This section provides an example of how you can use the Fault Management system to locate rogue devices on your network, then configure MSS to use countermeasures against them. AP radios automatically scan the RF spectrum for other devices transmitting in the same spectrum. The RF scans discover third-party transmitters in addition to other Trapeze radios. MSS considers the non-Trapeze transmitters to be devices of interest, which are potential rogues. A rogue access point is an unauthorized access point on your network. Rogue access points and their clients undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. Rogue access points and users can also interfere with the operation of your enterprise network. You can configure RingMaster to automatically use countermeasures against rogue APs to disable them. Not all access points placed on the rogue list are “hostile” rogues. You may want to move some of the access points from the rogue list to a known devices list or a third-party AP list. For more information about this topic as well as more detailed information about combatting rogues, see the chapter “Detecting and Combatting Rogue Devices” in the Trapeze RingMaster Reference Manual.
Page 1 and 2:
RingMaster Monitoring and Managemen
Page 3 and 4:
About This Guide RingMaster 7.4 Man
Page 5 and 6:
Convention Use Bold italic text fon
Page 7 and 8:
Agreement are incorporated herein i
Page 9 and 10:
1 RingMaster Services This chapter
Page 11 and 12:
Connecting a Client to RingMaster S
Page 13 and 14:
Certificate Check RingMaster Servic
Page 15 and 16:
RingMaster Services Home Page RingM
Page 17 and 18:
Setup Tab Server Settings RingMaste
Page 19 and 20:
Server Certificate Select Server Ce
Page 21 and 22:
RingMaster Services ❑ RMTS-250
Page 23 and 24:
RingMaster Services 5. To prevent R
Page 25 and 26:
RingMaster Services 3. To change Po
Page 27 and 28:
Access Control Tab RingMaster Servi
Page 29 and 30:
User Groups RingMaster Services Use
Page 31 and 32:
Plan Management Tab New Plan RingMa
Page 33 and 34:
Delete Plans RingMaster Services To
Page 35 and 36:
Backup and Restore RingMaster Servi
Page 37 and 38:
Deleting a Plan Backup RingMaster S
Page 39 and 40:
Alarms Select Maintenance, then sel
Page 41 and 42:
Log RingMaster Services Select Main
Page 43 and 44:
Threads Select Maintenance, then se
Page 45 and 46:
RingMaster Client Preferences This
Page 47 and 48:
RingMaster Client Preferences 3. In
Page 49 and 50:
RingMaster Client Preferences f. To
Page 51 and 52:
Certificate Management RingMaster C
Page 53 and 54:
Managing with RingMaster This chapt
Page 55 and 56:
Radius Attribute Name Acct-Session-
Page 57 and 58:
Configuration/RF Planning View Mana
Page 59 and 60:
❍ Upload MX ❍ Convert Auto AP
Page 61 and 62:
Task Review Local Changes Deploy Un
Page 63 and 64:
Reports View Managing with RingMast
Page 65 and 66:
Managing with RingMaster labels inc
Page 67 and 68:
Managing with RingMaster Users can
Page 69 and 70:
3. From the Task list, select Creat
Page 71 and 72:
❑ Snoop Filter ❑ SNMP Under Oth
Page 73 and 74:
Creating Locales Using RF Planning
Page 75 and 76:
1. Select a Location Server from th
Page 77 and 78:
1. Under Create, click Create RF Fi
Page 79 and 80:
1. Click Edit Location Server to di
Page 81 and 82:
. 7. Click Next. Managing with Ring
Page 83 and 84:
Managing with RingMaster If you sel
Page 85 and 86:
Managing with RingMaster ❑ Client
Page 87 and 88:
Network Changes Managing with RingM
Page 89 and 90:
Viewing Policy Changes Managing wit
Page 91 and 92:
Deploying Local Changes Managing wi
Page 93 and 94:
3. In the Tasks panel, select View
Page 95 and 96:
3. From the Tasks, select Image Rep
Page 97 and 98:
Managing with RingMaster 2. In the
Page 99 and 100:
Managing with RingMaster ❑ The We
Page 101 and 102:
Managing with RingMaster This butto
Page 103 and 104: Monitor Function This chapter highl
Page 105 and 106: Monitor Function multiple sites man
Page 107 and 108: Cluster Status Monitoring In the Do
Page 109 and 110: Monitor Function This table indicat
Page 111 and 112: Monitor Function ❑ RingMaster pro
Page 113 and 114: Monitor Function panel is selected,
Page 115 and 116: Status Monitor or Status Summary De
Page 117 and 118: Noise Floor Monitor Function If you
Page 119 and 120: Coverage Hole If you click on Cover
Page 121 and 122: Monitor Function This dialog allows
Page 123 and 124: Session Details ❍ View ◆Session
Page 125 and 126: Locating A User Monitor Function Di
Page 127 and 128: Traffic Monitor Dashboard Monitor F
Page 129 and 130: Monitor Function The following scre
Page 131 and 132: Traffic Details Monitor Function Cl
Page 133 and 134: Finding a User You can find a user
Page 135 and 136: Monitor Function You can display a
Page 137 and 138: View User Performance Statistics Mo
Page 139 and 140: 3. Click Details in the Traffic Sum
Page 141 and 142: Monitor Function Optimize your netw
Page 143 and 144: Managing Alarms Fault Management is
Page 145 and 146: Managing Alarms ❍ Performance ❍
Page 147 and 148: ❍Alarms ◆Event Details ◆Setup
Page 149 and 150: Managing Alarms You can select seve
Page 151 and 152: Alarms Database Query Managing Alar
Page 153: Detecting Rogue Devices AP radios a
Page 157 and 158: Detecting Rogue Devices Select OK a
Page 159 and 160: The approximate location of a rogue
Page 161 and 162: RF Classification If you click RF C
Page 163 and 164: Rogue Devices If you click Rogue De
Page 165 and 166: Clicking on the link provided shows
Page 167 and 168: Unauthorized Devices If you click U
Page 169 and 170: Displaying Rogue Details Detecting
Page 171 and 172: Column Description Channel SSID Dis
Page 173 and 174: The Client Location screen appears,
Page 175 and 176: Converting a Rogue into a Third Par
Page 177 and 178: RingMaster Reports The Reports butt
Page 179 and 180: RingMaster Reports 4. To generate a
Page 181 and 182: RingMaster Reports 2. In the Report
Page 183 and 184: RingMaster Reports Copyright © 201
Page 185 and 186: 7. When the report is generated, cl
Page 187 and 188: Table 1- 3 lists the sections in an
Page 189 and 190: Client Summary Report Changes In th
Page 191 and 192: 10. Click Next to generate the repo
Page 193 and 194: 4. To generate a new report, click
Page 195 and 196: Top APs ❑ Cumulative errors for t
Page 197 and 198: 5. Select parameters for the report
Page 199 and 200: SmartPass New Reports SMS/Email Not
Page 201 and 202: RingMaster Reports ❑ Network Plan
Page 203 and 204: RF Summary Report Changes New colum
Page 205 and 206:
Radio Detail Report Changes New col
Page 207 and 208:
10. When the report is generated, c
Page 209 and 210:
11. When the report is generated, a
Page 211 and 212:
5. Select the scope type of the rep
Page 213 and 214:
1. Click Alarm History in the Tasks
Page 215 and 216:
1. Select the Reports Navigation Ba
Page 217 and 218:
Site Survey Order RingMaster Report
Page 219 and 220:
8. Click Generate to generate the r
Page 221 and 222:
2. In the Organizer panel, select R
Page 223 and 224:
Saving a Report RingMaster Reports
Page 225 and 226:
To schedule and e-mail a report: Ri
Page 227 and 228:
Working with Network Plans A networ
Page 229 and 230:
Working with Network Plans 1. In th
Page 231 and 232:
Configuring AirDefense The AirDefen
Page 233 and 234:
Configuring AirDefense 6. From the
show all

RingMaster Management Guide - Juniper Networks

Create successful ePaper yourself

Delete template?

Save as template?