Daniel,

We use RAD (on AP-2000) more for the detection of unwanted APs
connected to wired subnets than for electromagnetic
interferences. (our job is probably easier for interferences
compared to an uptown Manhattan school though!)

Our Wireless philosophy is: put Wireless on a dedicated
network (physical or logical (VLAN)) and increase monitoring
on that subnet. The wired network has that fake feeling of security
related to the physical access.
It still takes "an uninvited guest" a lot more energy to join a wired
network than a wireless network....unless a faculty/staff/student decides
to plug an AP on the wired network, wide open with admin password
set to "public"...that's where RAD helps us.

Leg work is the only reliable way that we have found for on-site
detection once a warning is sent by RAD.
(I wish that Proxim would include the Signal Strength of the rogue
AP detected...I made a request to them...let's hope for the next
software release)
You get a Wireless MAC from the RAD trap...if you want to find the
rogue AP on the wired side of things you are up for a nice job:
What if it is a Linux AP with a 3Com ethernet card and a Lucent
Wireless card!
Wired OUIs don't always match wireless OUIs elegantly in APs!

There is software that will try profiling APs on the wire, but we
haven't used those. We thought about enabling port-security on
switches allowing one MAC address only per port, but NAT boxes will beat
that.
You can detect NAT boxes on a network (http://www.sflow.org/detectNAT/)...

...after all a good leg work doesn't seem so bad heh!

We do not use a baseball bat yet, even though the Louisville factory is
a few miles down the road. We try to use the AUP and explain that they
create a breach in the wired network, then block the MAC address in core
switches if the explanation doesn't fly.
We see these occurrences where we don't provide centralized wireless
(Dormitories, "forgotten" buildings...)

We have not encountered an outside AP (not connected to UT's
wired network) "interfering" with our wireless
network, but we have encountered a lot of "WISP without consent"
(registered users using their radio expertise to connect from remote
 places...and providing network services to their buddies)
An analysis of BW/user/AP gives good clues for those cases.
Again, block the MAC in switches and keep a good monitoring of APs that
are in geographically-advantageous locations.

Regards,

Philippe Hanset
University of Tennessee

On Mon, 15 Mar 2004, Daniel Medina wrote:

>  We've recently deployed "rogue access point detection" on some of our
> upgraded Proxim hardware.  It reports access points operating in the
> area using different SSIDs.
>
>  Now we know there's interference...so what?  Some of the interference
> appears to be devices with built-in wireless, operating in ad-hoc mode.
> Others are semi-permanent "rogue" installations.  Some of these devices
> are not wired at all.  They're not easy to find (read: legwork required)
>
>  It's easier to block rogue DHCP servers, etc, from the wired network.
> What are people doing to clamp down on rogue wireless devices?  Send out
> teams armed with triangulating equipment and a baseball bat?
>
>  And for a bit more information: we have over 250 APs across campus,
> covering a few city blocks.  We do have one "official" SSID, but that
> doesn't stop interference from being a problem (channels 3, 6, and 11
> are used by the major vendors).
>
> --
> Daniel Medina
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent Group 
> discussion list can be found at http://www.educause.edu/cg/.
>
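
Added example (not part of the original thread or of Proxim's software): one way to shorten the leg work described in the reply above is to rank wired-side MAC addresses from the switch forwarding tables against the wireless MAC reported in a RAD trap. It assumes the common, but not universal, vendor habit of numbering an AP's Ethernet and radio interfaces consecutively; the MAC values, port names and function names are constructed for illustration, and a mixed-hardware AP such as the Linux case mentioned above returns no candidate.

```python
"""Rank wired MACs that may belong to the same box as a rogue wireless MAC."""

def parse_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-..., or aabb.ccdd.eeff; return an int."""
    digits = "".join(c for c in text if c not in ":-.").lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)  # also raises ValueError on non-hex characters

def rank_wired_candidates(wireless_mac, fdb, max_offset=8):
    """fdb: iterable of (switch_port, wired_mac) taken from switch MAC tables.

    Heuristic (an assumption, not a RAD feature): many APs number their
    Ethernet and radio interfaces consecutively, so a wired MAC with the
    same OUI and a small numeric distance is a likely match.
    Returns [(offset, port, mac)] sorted by closeness; empty means leg work.
    """
    target = parse_mac(wireless_mac)
    hits = []
    for port, mac in fdb:
        try:
            value = parse_mac(mac)
        except ValueError:
            continue  # skip malformed table rows instead of aborting the scan
        same_oui = (value >> 24) == (target >> 24)
        offset = abs(value - target)
        if same_oui and offset <= max_offset:
            hits.append((offset, port, mac))
    return sorted(hits)

# Constructed sample data (locally administered addresses, not real devices).
SAMPLE_FDB = [
    ("sw-dorm3 Fa0/12", "02:aa:bb:10:20:2f"),  # one below the radio MAC
    ("sw-dorm3 Fa0/17", "02:aa:bb:10:99:01"),  # same OUI, too far away
    ("sw-lib1 Gi1/4", "02cc.dd00.0001"),       # different OUI
    ("sw-lib1 Gi1/5", "garbage"),              # malformed row
]
ROGUE_RADIO_MAC = "02-AA-BB-10-20-30"  # as if taken from a RAD trap

if __name__ == "__main__":
    for offset, port, mac in rank_wired_candidates(ROGUE_RADIO_MAC, SAMPLE_FDB):
        print(f"candidate {mac} on {port} (offset {offset})")
```

An empty result does not clear the network; it only means the wired and wireless addresses are unrelated, which is the case the reply warns about.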
