The client auto-classification policy determines how clients are classified upon initial discovery and subsequent associations with APs.
To configure client auto-classification, from Manage, select Configuration > WIPS > Client Auto-classification.
Initial Client Classification
Select the Automatically classify newly discovered Clients at this location as check box and specify whether newly discovered Uncategorized clients at a particular location should be classified as External, Authorized, or Guest.
Automatic Client Classification
Select one or more options to enable the system to automatically reclassify Uncategorized and Unauthorized Clients based on their associations with APs.
You can categorize these types of clients.
Clients connecting to Authorized APs
- All External clients that connect to an Authorized AP are re-classified as Authorized
- All Uncategorized clients that connect to an Authorized AP are reclassified as Authorized
- All Guest clients that connect to an Authorized AP are reclassified as Authorized
You can select these exceptions:
- Do not reclassify a client connecting to a Misconfigured AP as Authorized
- Do not reclassify a client if the client's wireless data packets are not detected on the wired network
Clients connecting to Guest APs
- All External clients that connect to a Guest AP are reclassified as Guest
- All Uncategorized clients that connect to a Guest AP are reclassified as Guest
You can select these exceptions:
- Do not reclassify a client connecting to a misconfigured AP as Guest
- Do not reclassify a client as Guest if its wireless data packets are not detected on the wired network (except if the connection is reported by WLAN controller)
Clients connecting to External APs
- All Uncategorized clients that connect to an External AP are reclassified as External
- All Uncategorized clients that connect to a Potentially External AP are classified as External
- All Guest clients that connect to an External AP are re-classified as External
- All Guest clients that connect to a Potentially External AP are re-classified as External
Clients connecting to Rogue APs
- All clients other than Authorized clients that connect to a Rogue AP are classified as Rogue
- All clients other than Authorized clients that connect to a Potentially Rogue AP are classified as Rogue
- Bridging to the Corporate Network — Classify any non-authorized client as Rogue if it is detected as bridging Wi-Fi to the corporate network.
RSSI Based Classification
You can enable RSSI-based client classification for uncategorized clients and/or external clients. This feature uses the signal strength of the client to determine a client's classification.
To configure RSSI Based Classification:
- Select the Enable RSSI based classification for the following types of Clients check box.
- Select if Uncategorized Clients and/or External Clients should be reclassified.
- In the Reclassify above Clients with RSSI greater section, select the dBm threshold. Clients with an RSSI greater than the specified value will be reclassified.
- In the classification drop-down list, select the classification to use when you reclassify clients based on the RSSI (Authorized, Guest, Rogue).
RSSI-based classification is for advanced users and should only be enabled in isolated wireless environments without much neighborhood Wi-Fi activity. Note these considerations if you want to reclassify clients as rogue clients:
- RSSI-based classification can result in legitimate neighborhood clients to be classified as rogue clients and subjected to containment if automatic prevention is enabled. This can cause disruption to neighborhood Wi-Fi networks as these clients classified as rogues will not be able to connect to other APs or clients when they are within your Wi-Fi network’s coverage.
- Low power clients or clients that are too far from the RSSI measurement point will still not get classified as rogue clients because they do not meet the RSSI threshold.