Wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
The primary purpose of a WIPS is to prevent unauthorized network access to local area networks and other information assets by wireless devices.
All detected BSSIDs by WIPS configured devices are reported to the elected RF Domain Manager.
Detected devices are either classified as Neighboring, Interfering or Rogue. Before an Access Point is classified as a Rogue it must also be detected on the Wired network.
Access Points forward their MAC address tables for each VLAN to the elected RF Domain Manager (RFDM). MAC Addresses from known neighbors and Wireless Clients are filtered. Then the RFDM will correlate the MAC address learned over the air with the MAC addresses learned from the wired network to find a match. If a match is detected, an event is generated and automatic or manual mitigation based on configured WIPS policy can be performed.