This article provides details on how RAPIDS module on Airwave classifies a device as rogue based on the OUI score calculated.
On Airwave, navigate to the RAPIDS page and click on Rules.
On this page click on ADD to add a new rule for defining a device as rogue based on OUI score calculated
Based on a network's requirement, the rule can be created based on the picture below.
Once this rule is created click on save and wait for RAPIDS to reclassify the devices.
The devices that match this rule will be defined as rogue.
The rule is based on the OUI score calculated for the devices.
On Airwave we have a CSV file which is located at the following location.
When we open this file, the first line contains the following information based on which device information is entered.
It is based on this information a device is defined as ROGUE.
For example if we consider a Hewlett Packard device:
"00-11-0A","Hewlett Packard","Hewlett-Packard Company","1","1","","Printer"
Here 00-11-0A is the first 3 octets of the MAC address of the device.
The next 2 fields determines the vendor.
is_wifi_maker, is_ap, is_soho, device_type determines the final OUI score.
If a "1" is mentioned in any of the above parameters then it is added to the final score.
So as per example given above, the final score is 3. Considering the device to be a wifi maker and an AP device and finally a Printer.
The CSV file contains information of devices from various vendors which are considered to be rogue devices, and this file has been created to address the rogue devices that could be a part of the network.