Network Management

Well, I guess the title says it all. I've been searching the forums, and apparently I cannot get the right parameters to find an answer to this. We have a 3400 controller, we are running AirWave. Each show detected rogues and various wireless 'attacks' - hotspotting, adhoc. However, the detections don't match. Unfortunately, I was given this already set up with no documentation on how it was set up. So, my questions boil down to two:

1) Should the rogue detections on the controller match those in AirWave?

2) What do I need to look at to get them to match?

TIA

First thing to know is that the controller and AirWave can classify things very similar, but also very differently.  You will want to choose one or the other to perform classification for your network.

On the controller's Configuration tab -> there's a WIP wizard that lets you configure rules based on 5 conditions:

# of discovering APs

SNR (dB)

SSID

Classification

Confidence

AirWave provides the same conditions, but adds flexibility with some additional conditions including specific conditions seen from the wired side.

1)  Rogue detections will only match if you provide the same rules to both controller and AirWave, OR you set either the controller or AirWave as the dominant classification tool.

2)  You're going to want to look at the classification mechanism for both parts and compare.  On the controller -> go to Configuration -> WIP wizard, look at the rules.  In AirWave -> go to RAPIDS -> Rules.  Based on your network, which classification system is going to work better for you in your environment?  Keep in mind that both devices have a top down classification process, where the first rule that applies is where the classification will occur.