How do you turn off rogue AP's on 4400's

Mar 25th, 2008

We have some rogue APs that I can see on our 4400 controllers, but I can't figure out how to disable these buggers, and I can't see the MAC address on the PoE switches (sh cam dyn) that the user community connects through. Is there any special command or process to follow so they don't interfere with my network?

dennischolmes Wed, 03/26/2008 - 04:56

There are a few things you can do. First, if you have WCS with location services you need to map the location of the rogue. To do this, click on the link to the rogue AP. When the page is open, look in the upper right-hand corner for a pull-down box that has several options. Select the option for mapping the rogue. This will give you its location. Next, in the same pull-down list, select to contain the AP by using a 1-4 AP containment. The number you select is based on the number of detecting APs. Containment makes the rogue unusable as its MAC address is spoofed by the containing APs and a deauthentication flood is sent to all clients attempting to connect to it. Third, go collect the rogue.


It is important for you to make sure the rogue is a direct threat to your network before you take the containment step. The FCC has a good neighbor policy. If you were to contain the Starbucks next door to you I am sure you could see the problem.


A feature called RLDP, or rogue location, sends a ping from the wireless radio of one of your detecting APs to itself aimed at the rogue. If it sees the ping come back on the Ethernet side, then verification that the rogue is physically on your network has been proven. Then it would be reasonably safe to contain.

kfarrington Tue, 07/01/2008 - 06:39

Is rogue location different from RLDP here? Don't you need to configure the RLDP AP as a trunk interface or sommat?


Many thx guys, very interesting thread.


Kind regards,

Ken

dennischolmes Tue, 07/01/2008 - 11:54

RLDP from the Airespace point of view was an extension of rogue detection where the rogue device was identified as an actual threat existing on your local network and was automatically contained. After containment was completed an alarm was sent to the controller and subsequently WCS so that you could locate and confiscate the offending device. RLDP was disabled by Cisco early on for legal reasons.
