Trust Levels provide one of the strongest methods to identify your networks and provide a policy boundary around who is allowed to connect and where.

How Automatic Trust Level Assignments Are Decided

The automatic assignment of Trust Level by analytics only happens to new APs and those in the Unassigned Trust Level. After an AP has been assigned it is never automatically changed by analytics.

With that being said here are the various methods that will automatically move assignments:

• The first time an AP is observed by the platform, the Analytics process will:
  • Check the BSSID against the Resources: My APs. If a full match is found (BSSID and ESSID) the Resources My Networks Trust Level is applied.
    
    
  • Check the ESSID against all Resources: My Networks names. If a similar, but not fully equal, match is found the Rogue Trust Level is assigned. For example the name "Guest Network" is in My Networks but the new AP with the name "Guest NetwOrk" does not exist in My APs. Because the name is similar it will be assigned.
    
    
  • Check the ESSID against the observed APs assigned to configured Trust Levels. The assignment will be based on the configured option for the first network that matches. For example Trust Level "Trusted" has been to APs with the name "Corp100" and any new AP that is observed is to be assigned the Rogue Trust Level.
     
• If an AP has been repeatedly observed by the platform for one to two days it will be assigned to one of two Trust Levels:
  • High Threat: AP with no or WEP encryption
  • Suspected Neighbor: All other APs