RLDP Wireless MAC and Wired MAC

Unanswered Question
Feb 29th, 2008
User Badges:

I have been using RLDP and setting up Rogue sniffers on a trunk port for some time now and it has been working fine. It can detect the rogues on the wired network however when it does detect those rogues it shows the mac address of the wireless radio. Is there an easy way to find the mac address of the wired portion of the Rogue access point. I would like to accomplish this without the use of WCS because I do not have location maps ready for all of my locations. If I knew the mac of the wired port of the access point, I could obviously shut that port down and tell that location to send someone to find the culprit. If this isn't possible it's not a big deal but I would like to make my life easier. Thanks for any help.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Atkin Sun, 03/02/2008 - 09:38
User Badges:
  • Silver, 250 points or more

Hi Jason,

You shouldn't really need the MAC address of the wired AP. Typically an AP just bridges from wired to wireless, so if you follow the trail of wireless MAC addresses in your switch logs, the last switchport you identify is where the AP should be.

WCS will only tell you an approximate location of the rogue based on RF, scale maps, etc.. it can't help you identify what switchport it's in.

wowsersusa Sun, 03/02/2008 - 11:39
User Badges:

I know WCS can't help me however. for example a person brings in a home DLINK wireless router. The WAN port has an address of 00:19:5b however the WLC only picks up the wireless MAC that is broadcasting of 00:17:9A. When looking at the switch logs the switch does not see 00:17:9A it sees 00:19:5b because that is what is connected physically to the switch port. And I don't have all day to guess that well I see a rogue on the network now lets go look for it switch by switch and guess the mac address. That is my dilemma. I have now tested with Cisco, D-link, linksys and netgear and have found no easy way to find the actual Ethernet mac address unless I know it first.


This Discussion



Trending Topics - Security & Network