RADAR passive scans for rougue access points


Userlevel 3
  • New Member
  • 65 replies
Hi,
assume an access point (AP37xx,Ap38xx) is configured with an in-service-scan profile and has the option "rogue AP detection" enabled. The access point forwards user packets on Channel 1 (2,4 GHz).

Will the access point detect rogue access points on other channels than Channel 1?

I know that prevention countermeaseures will only work on channel 1 but im curiuos about detection.

6 replies

Userlevel 4
HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo
Paulo Francisco wrote:

HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo

Is there a design guide for deploying APs in Guardian mode? I'm about to replace a bunch of 3710s with 3825s and have bought some Radar licenses so I can redeploy the old APs for dedicated scanning.
Userlevel 7
Paulo Francisco wrote:

HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo

No design guide that I know of. Typically I think we suggest a 5 ap to 1 Guardian model, you want the Guardian to be in listen range of your access points.
Paulo Francisco wrote:

HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo

That's a good starting point, thanks.
Userlevel 4
Paulo Francisco wrote:

HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo

You can also use Estimator Tool to calculate the number of required sensors/Guardian needed to cover an approximate similar surface area
Userlevel 7
Paulo Francisco wrote:

HI Arndt,

When in-service the AP does not change channels for assessment or countermeasures. As such, In-service AP will only detect threats in its own channel of operation (Channel 1 in this case).

For more extensive off-channel detection the recommendation would be to deploy an AP in Guardian mode.

Paulo

I don't think we post that Estimator Tool to the general public?

Reply