Trusted AP policies - gone in version 5?

Unanswered Question

Does anyone know the reasoning for the disappearance of the Trusted AP policies that were there in version 4.x and are now apparently missing in version 5.x?

In 4.x the command set was "wps trusted-ap ..." and there was the curious "Validate SSID" setting in the GUI which had no command line equivalent. Perhaps the Validate SSID setting was a relic in the GUI that never really did anything, i.e. perhaps it was an orphaned GUI option?

In 4.x we also had the "wps rogue-ap ..." command set which was relocated to just being the "rogue ..." (no longer under wps) commands. However the trusted-ap commands never moved out of the wps command set - they just disappeared.

I can't find any explanations in the Cisco documentation, so has anyone else maybe figured it out or asked Cisco?

I'm particulary concerned about the Validate SSID option because I've promised it would be enabled in a design done prior to version 5's release. Now the customer (now on version 5) is asking if it's enabled or not, and I can't tell them if it is because it's vanished!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rob.huffman Sat, 07/12/2008 - 07:36

Hi Justin,

This has changed in the 5.x release;

Here is the old info (pre-5.x);

Note You cannot configure SSID validation from the controller CLI. However, you can use the show wps summary command to see whether SSID validation has been enabled.

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html

Here is the new 5.x info;

Classifying Rogue Access Points

From the Add Condition drop-down box, choose one or more of the following conditions that the rogue access point must meet and click Add Condition:

• SSID-Requires that the rogue access point have a specific user-configured SSID. If you

choose this option, enter the SSID in the User Configured SSID field, and click Add SSID.

Note To delete an SSID, highlight the SSID and click Remove.

http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5sol.pdf

Hope this helps!

Rob

Thanks Rob.

So are you saying that the old 4.x Trusted AP policies can now all be approximated by the new 5.x rule-based rogue classification? To me the old Validate SSID option never made much sense in the context of Trusted APs because, from the ref you quoted, it seems to have been intended to identify APs that are using one of your SSIDs and raise an alarm about it, i.e. it was meant to alarm on malicious rogues - not trusted ones.

And then also what about all those other Trusted AP settings that disappeared? Can they also be reproduced as rogue-classification rules?

Actions

This Discussion

 

 

Trending Topics - Security & Network