Saturday, November 14, 2009

DHCP ARP Rogue Detection and MFPs

DHCP & ARP protection

When a WLC is a DHCP relay, it checks that the client MAC included in the DHCP request (the BOOTP chaddr field) matches the MAC of the WLAN client sending the request. The WLC does not forward DHCP requests back out the WLAN, which prevents a WLAN client from acting as a DHCP server.
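The relay-side check described above, as an added illustration that is not Cisco's code: it parses a constructed Ethernet/IPv4/UDP/BOOTP client request and compares the chaddr with the frame's source MAC (the frame builder, field offsets and zeroed checksums are assumptions of this example).

```python
import struct

BOOTREQUEST = 1          # BOOTP op code for client -> server messages
DHCP_SERVER_PORT = 67    # UDP port DHCP clients send requests to
UDP_PROTO = 17

def build_dhcp_request_frame(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample frame: Ethernet/IPv4/UDP/BOOTP DISCOVER with zeroed
    IP and UDP checksums (the check below never validates them)."""
    # BOOTP fixed header: op, htype, hlen, hops, xid, secs, flags, 4 addresses
    bootp = struct.pack('!BBBBIHH4s4s4s4s', BOOTREQUEST, 1, 6, 0, 0x3903F326,
                        0, 0x8000, b'\0' * 4, b'\0' * 4, b'\0' * 4, b'\0' * 4)
    # chaddr (16 bytes), sname (64) + file (128), magic cookie, DISCOVER option, end
    bootp += chaddr.ljust(16, b'\0') + b'\0' * 192
    bootp += b'\x63\x82\x53\x63' + b'\x35\x01\x01' + b'\xff'
    udp = struct.pack('!HHHH', 68, DHCP_SERVER_PORT, 8 + len(bootp), 0) + bootp
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(udp), 0, 0, 64,
                     UDP_PROTO, 0, b'\0\0\0\0', b'\xff\xff\xff\xff') + udp
    return b'\xff' * 6 + src_mac + b'\x08\x00' + ip   # broadcast dst, IPv4 ethertype

def dhcp_request_mac_matches(frame: bytes):
    """Return True if the BOOTP chaddr equals the Ethernet source MAC,
    False on a mismatch (the relay should drop it), None if the frame
    is not an Ethernet-over-IPv4 DHCP client request at all."""
    src_mac = frame[6:12]
    if struct.unpack('!H', frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    if ip[9] != UDP_PROTO:
        return None
    udp = ip[ihl:]
    if struct.unpack('!H', udp[2:4])[0] != DHCP_SERVER_PORT:
        return None
    bootp = udp[8:]
    op, htype, hlen = bootp[0], bootp[1], bootp[2]
    if op != BOOTREQUEST or htype != 1 or hlen != 6:   # only Ethernet clients
        return None
    return bootp[28:28 + hlen] == src_mac

if __name__ == "__main__":
    mac = bytes.fromhex('001122334455')
    print(dhcp_request_mac_matches(build_dhcp_request_frame(mac, mac)))
```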

WLCs do not allow direct ARP communication between WLAN clients.

AIR/RF detection
When searching for a rogue AP, a LAP goes off channel for 50 ms to listen for rogue clients and to monitor for noise & channel interference.

Rogue detector – radio is OFF; its role is to listen on the wired network for MAC addresses of clients associated to rogue APs. It listens for ARP packets that include these MACs.
      - should be connected to all available broadcast domains using a switched port analyzer (SPAN)

MFP – the MIC used in MFP is not a simple CRC hash of the message; it also includes a digital signature component. This component is shared among mobility groups.

