Rogue access points mostly refer to those unauthorized and unmanaged APs attached to existing or nearby networks which could bring harm to the deployed WLAN or gain access to confidential business information. With Background Scanning enabled, the rogue AP detection feature can be used to periodically scan 2.4 GHz and 5 GHz frequency bands to identify rogue wireless access points not managed by the EWS switch.
Column Filter
Shows or hides fields in the list.
Search Bar
Use the Search Bar to search for specific rogue access points detected using the following criteria: BSSID, SSID, Type, Channel, Mode, Band, Security, and Detector.
From here, you can Enable or Disable the Log settings for the EWS switch.
The System Log is designed to monitor the operation of the EWS switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can assist in the identification and solutions of system problems.
The EWS switch supports log output to two repositories: Flash and RAM. The information stored in the system’s RAM log will be lost after the switch is rebooted or powered off, whereas the information stored in the system’s Flash will be kept even after the switch is rebooted or powered off. The flash repository has a fixed capacity; at a certain level, the EWS switch will start deleting the oldest entries to make room for the newest.
Severity Level
RFC 5424 defines eight severity levels:
The internal log of the EWS switch has a fixed capacity; at a certain level, the EWS switch will start deleting the oldest entries to make room for the newest. If you want a permanent record of all logging activities, you can set up your syslog server to receive log contents from the EWS switch. Use this page to direct all logging to the syslog server. Click the Add button, define your syslog server, and select the severity level of events you wish to log.
This page displays the most recent records in the EWS switch's internal log. Log entries are listed in reverse chronological order (with the latest logs at the top of the list). Click a column header to sort the contents by that category.
Export Click Export button to export the current buffered log to a .txt file.
Clear Click Clear button to clear the buffered log in the system's memory.
If an alert is detected, the EWS switch will record it in the event log. The EWS switch can also be configured to send email notifications for selected events.
Mail Alert State: Select whether to Enable/Disable email notification.
Mail Information Setting
SMTP Server: Enter the name of the mail server.
SMTP Port: Enter the SMTP port.
SSL/TSL: Enable this option if your mail server uses SSL/TLS encryption.
Authentication: Select this option to enable authentication.
User Name: Enter the username required by the mail server.
Password: Enter the password required by the mail server.
From Mail Address: Enter the email address that will appear as the sender of the email alert.
To Mail Address: Enter the email address to which the EWS switch will send alarm messages. You can only send alarm messages to a single email address.
Subject: Enter the subject of the email notification.
Test: To verify that the EWS switch can send email notifications using the SMTP settings you just configured, please click the Test button for a quick test.
Apply: Click Apply to save settings.
Use this page to choose which types of events will trigger the EWS switch to send an email notification. When any of the selected events occur, the EWS switch sends an email notification to the email address that you specified in the Monitoring > Email Alert > Alert Settings section.
The table below provides explanations for EWS controller syslog event messages.
Code
Severity
Description
General Description
0
EMERG
System is unusable
A "panic" condition usually affecting multiple apps/servers/sites. At this level, all tech staff on call would be notified.
1
ALERT
Action must be taken immediately
This should be corrected immediately; please notify staff who can fix the problem.
2
CRIT
Critical conditions
This should be corrected immediately; please notify staff who can fix the problem.
3
ERROR
Error conditions
Non-urgent failures, these should be relayed to developers or admins; each item must be resolved within a given time.
4
WARNING
Warning conditions
Warning messages, not an error, but indication that an error will occur if action is not taken, (e.g., file system 85% full). Each item must be resolved within a given time.
5
NOTICE
Normal but significant condition
Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required.
6
INFO
Informational messages
Normal operational messages - may be harvested for reporting, measuring throughput, etc. - no action required.
Items
Descriptions
IP/Hostname
Specify the IP address or host name of syslog server
Server Port
Specify the port of the syslog server. The default port is 514.
Severity Level
RFC 5424 defines eight severity levels:
Facility
The log facility is used to separate out log messages by application or by function, allowing you to send logs to different files in the syslog server. Use the drop-down menu to select local0, local1, local2, local3, local4, local5, local6, or local7.
RAM
The information stored in the system’s RAM log will be lost after the switch is rebooted or powered off.
Flash
The information stored in the system’s Flash will be kept even after the switch is rebooted or powered off.
Controller
Display controller related logs.
Switch
Display switch related logs.
Wireless Client
Display wireless client activities from managed APs.
All
Display logs from both controller and switch
Event Type | EWS Syslog Message | Severity Level |
Status of AP Controller | Controller is enabled | INFO |
Status of AP Controller | Controller is disabled | WARNING |
Certificate Changed | SSL certificate updated | INFO |
Certificate Changed | SSL certificate will expire in {value} days | WARNING |
Certificate Changed | SSL certificate has expired | ERROR |
Certificate Changed | [AP Name] [AP MAC]'s SSL certificate has been updated | INFO |
AP Managed | [AP Name] [AP MAC] added to management list | INFO |
AP Managed | [AP Name] [AP IP] removed from management list | INFO |
Status of AP | [AP Name] [AP MAC] online | INFO |
Status of AP | [AP Name] [AP MAC] reset | INFO |
Status of AP | [AP Name] [AP MAC] offline | WARNING |
Status of AP | [AP Name] [AP MAC] has invalid IP [IP Address] | WARNING |
Status of AP | [AP Name] [AP MAC]'s active client number reaches client limits {value} of [2.4/5]GHz | WARNING |
AP Configuration Changed | [AP Name] [AP MAC] configuration updated | INFO |
AP Firmware | [AP Name] [AP MAC] firmware version is incompatible | WARNING |
AP Firmware | [AP Name] [AP MAC] started to upgrade firmware from [old-ver] to [new-ver] | INFO |
AP Firmware | [AP Name] [AP MAC] firmware upgrade failed | ERROR |
From here, users can view wireless client information, temporarily disconnect, and permanently block the wireless clients that are associated with the access points managed by EWS switch. In addition, EWS switch is capable to identify client devices by their operating system, device type and host name when client devices are using DHCP. If multiple access points are within the same network, please use the search bar to find the specific access point by its name or MAC address.
Items | Functions | Descriptions |
Kick Client | Use this function to temporarily disconnect a wireless client from the WLAN. The disconnected client can simply reconnect manually if they wish to. |
Search Bar | Use the Search Bar to search for wireless clients managed by the EWS switch using the following criteria: Client Name, Client IP, Client MAC Address, Client OS, AP Device Name, AP MAC Address, Model Name, SSID, Band, TX Traffic, RX Traffic. |
