Frequent Contributor II
Posts: 109
Registered: ‎01-01-2012

AM rogue detection prevention time

Hi,

I have a query regarding the time required for an AP and AM to detect and prevent rogue APs in the network.

Is there any detailed document which specifies the time interval within which a rogue AP can be detected and prevented?

Also, any details regarding the time period for which an AP monitors other channels, and how frequently this check happens?

Thanks

Guru Elite
Posts: 21,011
Registered: ‎03-29-2007

Re: AM rogue detection prevention time

Please read this: http://www.arubanetworks.com/pdf/technology/tb_air_monitors.pdf

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 109
Registered: ‎01-01-2012

Re: AM rogue detection prevention time

I have read that document, but is there any doc which can provide details regarding the approximate time in which detection and prevention can happen? I have read somewhere that the AP scans the air after each 10 seconds or so. Need some more details.

Guru Elite
Posts: 21,011
Registered: ‎03-29-2007

Re: AM rogue detection prevention time

[ Edited ]

The doc details the statistics involved.  There is no hard-set specific answer and it is all based on how many devices you have collecting information about rogues on the wired as well as wireless and how long it will take them to scan to do the matching.

Air monitors are faster because they scan faster than access points that are serving clients.  It all depends on the environment as well as how the network is configured.

EDIT:

The document does NOT detail the statistics involved.

If you have an Air monitor, on average it spends about half a second on each channel that it is scanning to look for wireless devices.  The time it would take to discover your device is half a second times the number of channels in your current regulatory domain.  The IDS profile in 6.1.x and above has algorithms that can optionally spend less time on empty channels and lesser used channels to speed this up.  If a rogue access point is not transmitting or currently switching channels at the time the air monitor is scanning, it will take another cycle to discover the access point.

Access points serving clients scan all of the channels in the regulatory domain, 1 every 10 seconds, so it would take longer to detect a device than an Air monitor.  If you have more access points, that will increase your chances, because they will be scanning different channels at the same time.

Wired connectivity is essential to match a wireless device with a wired device, so there must be an access point or a controller on the same layer 2 VLAN as the rogue access point to provide a match.


Colin Joseph
Aruba Customer Engineering
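
The timing figures quoted in the answer above, worked into a small planning model. This is an added example, not part of the original thread and not Aruba code. The channel count, the even staggering of scanners across channels, and the `miss_prob` value are assumptions; only the 0.5 s and 10 s figures come from the post.

```python
import math

AM_DWELL_S = 0.5      # air monitor: about 0.5 s on each channel (from the thread)
AP_INTERVAL_S = 10.0  # client-serving AP: one channel every 10 s (from the thread)


def sweep_time(channels, per_channel_s):
    """Seconds for one scanner to visit every channel once."""
    return channels * per_channel_s


def revisit_gap(channels, per_channel_s, scanners=1):
    """Longest wait before some scanner lands on a given channel.

    Assumption: the scanners in range are evenly staggered across the
    channel list, so each one covers ceil(channels / scanners) slots.
    """
    if channels < 1 or scanners < 1:
        raise ValueError("channels and scanners must be >= 1")
    return math.ceil(channels / scanners) * per_channel_s


def expected_discovery(channels, per_channel_s, scanners=1, miss_prob=0.0):
    """Mean seconds until a rogue on one fixed channel is first heard.

    miss_prob is the assumed chance that a visit finds the rogue silent or
    mid channel switch; every miss costs one more revisit gap.
    """
    if not 0.0 <= miss_prob < 1.0:
        raise ValueError("miss_prob must be in [0, 1)")
    gap = revisit_gap(channels, per_channel_s, scanners)
    mean_first_visit = gap / 2                   # rogue appears at a random moment
    mean_misses = miss_prob / (1.0 - miss_prob)  # mean of a geometric distribution
    return mean_first_visit + mean_misses * gap


def compare(channels, aps_in_range, miss_prob):
    """Air monitor versus client-serving APs for the same channel list."""
    return {
        "am_sweep_s": sweep_time(channels, AM_DWELL_S),
        "am_mean_s": expected_discovery(channels, AM_DWELL_S, 1, miss_prob),
        "ap_sweep_s": sweep_time(channels, AP_INTERVAL_S),
        "ap_mean_s": expected_discovery(channels, AP_INTERVAL_S, aps_in_range, miss_prob),
    }


if __name__ == "__main__":
    # Constructed scenario: 11 channels, 4 APs in range, 20% miss chance.
    for name, seconds in compare(11, 4, 0.2).items():
        print(f"{name}: {seconds:.1f}")
```

The model covers over-the-air discovery only; the wired-side match and any containment action described in the thread add their own time on top.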


Frequent Contributor II
Posts: 109
Registered: ‎01-01-2012

Re: AM rogue detection prevention time

Hi Colin,
Thank you very much for the detailed explanation.