When multiple rules are configured, eSight checks for a rogue device starting from the rule of the highest priority.Ĭlick or in the Operation column to adjust the priority. Valid users association: Identify users that have connected to rogue APs.Įach rogue device can match only one rule.Aggressive behavior: Specify this parameter for identifying rogue APs that make attacks.Detecting the number of AP: Set AP's Number for matching rogue devices.Signal Strength: Set Strength(dBm) for matching rogue devices.SSID: Match rogue devices with similar SSIDs in regular or fuzzy mode.Channel: Match rogue devices of Same Channel or Neighboring Channel.If some BSSIDs have identical last four bits, eSight associates the BSSIDs to one physical device.Ĭlick and set basic parameters and discovery filter for the rule. A larger mask length makes it easier to associate rogue APs with similar BSSIDs to one physical device.įor example, if this parameter is set to 4, eSight converts the last two digits of BSSIDs into binary bits and compares the last four bits of the BSSIDs. Choose Security > Rule from the navigation tree on the left.Īfter the mask length of BSSIDs is set, rogue APs with similar BSSIDs are associated to one physical device.Choose Resource > Network > Equipment > WLAN Resources from the main menu.This enables network administrators to quickly locate and handle the problems to improve network security. You can configure security rules to classify and filter rogue APs and trigger alarm sending accordingly. Enable the WLAN user log reporting function. Configure the log information to be exported to the eSight server.
info-center loghost 192.168.1.10 channel channel0 facility local0 ///5. Configure the source interface for sending logs. info-center loghost source vlanif 2 ///4. info-center source default channel channel0 log level notification ///3. info-center channel 0 name channel0 ///2. The configuration on an AC6605 is as follows: system-view info-center enable ///1. You only need to configure the log function on the AC. eSight periodically parses the logs and saves user access information.
You can view the historical access records of a user in the area object manager only after the log function is configured.Īfter the log function is configured for the WLAN service on an AC, the AC records logs about user access and sends the logs to the eSight server.
0 kommentar(er)
