testing rouge detection 802.11N is under the radar of the wireless network

Unanswered Question
Feb 20th, 2009

I was testing rouge detection and port location. My rouge is a new 802.11N Linksys home AP. The AP is up on the network and I have a laptop connected and using the AP.

The lwap AP's within the vacinity have yet to see it and identify the device. The APs on the lwap side are 1252's and they are all fully functional. is the code that is in place right now. Our scheduled upgrade to 5.2 is weeks away.

WCS has yet to report this rouge on the network nor the fact that it is also on the wired network as well. Has anyone else seen this ? This is a big concern from two fronts. State office locations using these devices and the fact that they can't be identified.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Johannes Luther Fri, 02/20/2009 - 09:23

I have a few questions regarding your case:

- Do you broadcast the SSID on your rogue AP?

- Do you use WEP/WPA/WPA2 on your rogue AP, or is it an open network?

Johannes Luther Fri, 02/20/2009 - 12:23

The rogue discovery protocol works like that (I guess):

The AP, that detects the rogue AP, associates with the rogue - obtains an IP via DHCP and pings the management IP of the WLC. If the WLC responds, the rogue is in the wired network.

I doubt it'll work, if the rogue AP has encryption/authentication in place.

Leo Laohoo Wed, 03/04/2009 - 15:48

Go to Security -> Wireless Protection Policy -> Rogue Policies and verify your settings.

You can also go to Rogue Rules and add specific details.


This Discussion