WiSMs appear to be auto-containing rogues

Unanswered Question
Mar 12th, 2009

(This appears to be the converse situation of another relatively recent post. I thought it might be better to have a separate thread rather than muddy up that conversation).

I have a relatively new deployment of 8 WiSMs controllers (4 of which are currently production and 4 are available for failover). The WiSMs are running code v5.2.157.0 and I have about 50 AP1252's split between the 4 production controllers.

We also have WCS v5.2.130.0 in the environment to manage the controllers. I am a little concerned by some messages I am seeing on the WCS which seem to indicate the WiSMs are auto-containing rogues even though I have verified there are no Auto-Contain features enabled on any of the WiSM controllers.

Here is a sample of a WCS log entry which concerns me:

Rogue AP '00:23:75:07:68:b0' with SSID 'qwest5184' and channel number '4' is detected by AP 'xxxx-2-a4' Radio type '802.11b' with RSSI '-92' and SNR '5'. RogueAP contained.

I can dig up more of these but all seem to indicate an action is being taken on Rogue APs even though we specifically have these options unselected (under Security | Wireless Protection Policies | Rogue Policies | General) and their are no Rogue Rules defined either.

Is there anywhere else I should be checking where something like this could be enabled?

I need to make sure I am not being a problem before I can go to my neighbors and expect the same.

Thanks for any ideas.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Leo Laohoo Thu, 03/12/2009 - 16:03

WEIRD! Auto-Contain Rogue AP is disabled by default.

Go to Security -> Wireless Protection Policies -> Rogue Policies -> General.

John.Gerlach Sun, 03/15/2009 - 19:27

I have verified that each of the controller has these options inactive on the following screen:

(under Security | Wireless Protection Policies | Rogue Policies | General)

If there is somewhere else I should be looking, I would be relieved to hear it.

Nigel Bowden Fri, 05/22/2009 - 00:23

Did you get a resolution to this?

I have the same issue, but am unsure if my WLC's are auto containing rogues, or whether WCS is just falsely reporting the containment.

I see no auto containment setting anywhere on my WLC (, so I doubt very much it is auto containing.

Anyone know where I can check/look?

My WCS version is 5.2.130.


This Discussion



Trending Topics - Security & Network