LWAPP upgrade image disables wired-side rogue alerts?

Unanswered Question

All,

Just saw this in Open caveat the Field Notes for the LWAPP Upgrade Image 12.3.7-JX. Nicely tucked away at the end of the doc. Has anyone seen this? I have upgraded 100s of 1231s across a wide footprint and have not seen a single wired-side rogue (Threat level alert) in the WCS (and I'm not blocking the RLDP ports), which is highly unlikely in my environment.

I hope this does not mean all APs upgraded using this stub recovery image will not be able to alert properly on wired-side rogues. Thsi doesn't seem to make sense since the APs load a new code once joined to a controller, correct?

CSCsb47748?When the Rogue Location Discovery Protocol (RLDP) is enabled on a controller, associated access points converted to lightweight mode do not detect rogue access points as a threat.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
beth-martin Thu, 03/08/2007 - 11:54

Does the rogue alert events come up if you disable RLDP? Have you tried this just to make sure if you are hitting this bug. You can try disabling RLDP by creating a filter.

One update after talking to Cisco:

The mechanism used to find rogue APs is by the controller attempting to ping itself through the wireless.

This ONLY works if the rogue AP has its settings security as OPEN.

Therefore, if the rogue is on network, but has any kind of security - even WEP - it will not show up as on network.

- John

Thanks John,

Yeah we're aware of that - but we're as certain that there's some out there that are open. In fact I had this working under WLC 3.0 versions with an open Apple Airport Express AP. This does not seem to work anymore with 4.x. The Caveat regarding the LWAPP Recovery image causing APs not to report Rogues as Alerts is puzzling. Doesn't this code get overwritten by the controller after its upgraded, or is the LWAPP code just a wrapper that encapsulates everything sent from the IOS Upgrade image (kernel)? This is what it sounds like...

Actions

This Discussion

 

 

Trending Topics - Security & Network