578 CHAPTER 26: ROGUE DETECTION AND COUNTERMEASURES

Configuring an Attack List

The attack list specifies the MAC addresses of devices that MSS should issue countermeasures against whenever the devices are detected on the network. The attack list can contain the MAC addresses of APs and clients.

By default, the attack list is empty. The attack list applies only to the WX switch on which the list is configured. WX switches do not share attack lists.

When on-demand countermeasures are enabled, only those devices configured in the attack list are subject to countermeasures. In this case, devices found to be rogues by other means, such as policy violations or by determining that the device is providing connectivity to the wired network, are not attacked.

If you are using on-demand countermeasures in a Mobility Domain, you should synchronize the attack lists on all the WX switches in the Mobility Domain. See “Using On-Demand Countermeasures in a Mobility Domain” on page 581.

To add an entry to the attack list, use the following command:

    set rfdetect attack-list mac-addr

The following command adds MAC address aa:bb:cc:44:55:66 to the attack list:

    WX4400# set rfdetect attack-list 11:22:33:44:55:66
    success: MAC 11:22:33:44:55:66 is now in attacklist.

To display the attack list, use the following command:

    display rfdetect attack-list

The following example shows the attack list on a switch:

    WX4400# display rfdetect attack-list
    Total number of entries: 1
    Attacklist MAC    Port/Radio/Chan   RSSI   SSID
    ----------------- ----------------- ------ ------------
    11:22:33:44:55:66 dap 2/1/11        -53    rogue-ssid

To remove a MAC address from the attack list, use the following command:

    clear rfdetect attack-list mac-addr
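Because WX switches do not share attack lists, the lists in a Mobility Domain can drift apart. The following is an added example, not part of the original manual: it parses saved `display rfdetect attack-list` output from several switches and prints the `set rfdetect attack-list` commands each switch still needs. Assumptions: the switch names and the second MAC are constructed, an empty list is assumed to print only the "Total number of entries: 0" line, and the union of all lists is assumed to be the intended list.

```python
import re

MAC_ROW = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)
TOTAL = re.compile(r"^Total number of entries:\s*(\d+)")

def parse_attack_list(output):
    """Return the set of MACs listed in 'display rfdetect attack-list' output."""
    macs, rows, declared = set(), 0, None
    for line in output.splitlines():
        line = line.strip()
        if (m := TOTAL.match(line)):
            declared = int(m.group(1))
        elif (m := MAC_ROW.match(line)):
            rows += 1
            macs.add(m.group(1).lower())
    # A mismatch means the capture was truncated or the format differs.
    if declared is not None and declared != rows:
        raise ValueError(f"header reports {declared} entries, parsed {rows}")
    return macs

def sync_commands(outputs):
    """Per switch, the 'set' commands that bring its list up to the union."""
    lists = {name: parse_attack_list(text) for name, text in outputs.items()}
    wanted = set().union(*lists.values())  # assumption: union is the target list
    return {name: [f"set rfdetect attack-list {mac}" for mac in sorted(wanted - have)]
            for name, have in lists.items()}

HEADER = ("Attacklist MAC    Port/Radio/Chan   RSSI   SSID\n"
          "----------------- ----------------- ------ ------------\n")

# Constructed sample captures; switch names and 02:00:00:00:00:01 are made up.
SAMPLE = {
    "wx-a": "Total number of entries: 1\n" + HEADER
            + "11:22:33:44:55:66 dap 2/1/11        -53    rogue-ssid\n",
    "wx-b": "Total number of entries: 2\n" + HEADER
            + "11:22:33:44:55:66 dap 2/1/11        -53    rogue-ssid\n"
            + "02:00:00:00:00:01 dap 3/1/6         -60    lab-ssid\n",
    "wx-c": "Total number of entries: 0\n",  # assumed format for an empty list
}

if __name__ == "__main__":
    for switch, cmds in sync_commands(SAMPLE).items():
        print(switch, cmds or "in sync")
```

Review the generated commands before applying them: with on-demand countermeasures enabled, every MAC added to a switch's attack list becomes a countermeasure target on that switch.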