Wireless Access

Today our airwave is only alerting on wired to wireless, and cloned SSID detection. I have been tasked to also monitor rogue devices such as MIFI's and laptops running adhoc from our datacenters only. Is that possible to monitor and alert on those devices only from AM's installed in those rooms. Looking at the rapids rules section doesn't seem to be a way to setup a rule to only detect on certain AM's or AP group. Does anyone know how this could be done?

It'd be a feature request for a rule action, trigger/alert action.

A workaround method could be: have those devices isolated into group or folder.  Then run a 'new rogue devices' report on the selected group(s) / folders(s).  And you could have that report set to run and email to your inbox hourly.

Would there be anyway to SNMP trap filter with our monitoring tool based on detection by only those AP's? I guess I'm wondering if there is a way to send the detecting AP. I will investigate the report methode I think they wanted to have something that was realtime monitoring we would put up warning signs on the data center doors said to notify our operations before using a MiFI device.

You could try:

System -> Triggers, Type = Device Event

Create a trigger for SNMP Traps for rogue discovery events from the controller, and have that set to send to an external NMS setup.

(You'd have to setup the external NMS monitoring from AMP Setup -> NMS to get the NMS alert option at the bottom of the trigger setting)

I haven't done this, but it seems like it could work if I knew what the discovery event messages looked like.

What about an IDS profile on the controller configured to an AP group that only has 1 Air Monitor in it. I don't know much about IDS need to learn more about that.