Skip to main content

Who can use this feature?

  • Any user with read-only or greater permissions

What is WIDS?

WIDS (Wireless Intrusion Detection System) helps protect your network by continuously monitoring for wireless security threats. It detects and alerts you to potential security risks in real-time. Currently, it detects:
  1. Honeypot SSIDS: External SSIDs broadcasting with identical names (Honeypot SSIDs) to the ones on your network.
  2. Rogue access points: Non-Meter access points that may be connected to the Meter network.
WIDS is built into every Meter Network and does not need to be enabled.

Accessing WIDS

WIDS can be found under Network > Wireless > WIDS.
WIDS interface

Rouge APs

Rogue APs are wireless access points that are connected to the Meter network, broadcasting an SSID. These are discovered by comparing BSSIDs seen by Meter Access points to MAC addresses in Meter Switch MAC tables. Matches will show as a Rogue AP. Here is an example of this detection:
Rogue AP detection example
Clicking on the drop-down next to the Vendor information will reveal more details. If a Rogue AP is detected, the MAC address and Meter switch connection will be listed. Each Meter access point that detects the Rogue AP will also be listed along with the SNR value to identify proximity. Higher SNR indicates that the rogue device is likely closer to that specific Meter access point. It is important to note that not all ‘Rogue’ APs are malicious or will cause issues on the network. In this screenshot, a printer is being detected as a Rogue AP. This is likely expected and not harmful to the network. Adding this device to the Allowlist will prevent this device from being flagged as a Rogue AP.

Honeypot SSIDs

Honeypot SSIDs are unknown access points broadcasting identical SSIDs (the Wi-Fi network name) close enough to the Meter network that Meter APs can detect their signal. A honeypot SSID can be broadcast from a Rogue AP, but it can also be broadcast from an AP not connected to the Meter network. If a honeypot SSID is detected, it will be displayed here:
Honeypot SSID detection
The list contains all detected Honeypot SSIDs. Clicking on one will show the Broadcasters or the device from which the SSID is originating. Clicking on a Broadcaster will list the Meter APs that detected the honeypot SSID: 5d9bee06 Cee3 48aa 8217 A8e255974049 Pn Similar to Rogue APs, the SNR is also listed here. The Broadcaster will likely be closest to the Meter AP that is showing the highest SNR.

Allowlist

If you are actively monitoring for Rogue APs or Honeypot SSIDs, and getting alerts for a known safe device, the llowlist can be used to mark these APs or SSIDs as ‘safe’ and prevent alerts from firing. Rogue APs can be added to the Allowlist using the ‘Actions’ menu:
WIDS Allowlist
Similarly, Honeypot SSIDs can be added in the same way:
Adding Honeypot SSID to Allowlist
Click on the Allowlist tab to view any allowed Rogue APs or SSIDs that may already exist. Click on an individual entry to edit or delete it with the Actions menu:
WIDS Allowlist entries
Allowlist entries can also be created manually by using the ‘Add entry’ button.
Adding entry to WIDS Allowlist
Enter the MAC address of the Rogue AP, or select an SSID to add to the Allowlist:
Manual WIDS Allowlist entry

Alerting for Rogue APs or Honeypot SSIDs

Alerting for both Rogue APs and Honeypot SSIDs is available as separate triggers. See Settings > How to Configure Alerts. If you have any questions about the WIDS or need further assistance, feel free to contact Meter Support at support@meter.com or submit a ticket at meter.com/support.
I