Help with Switchport Trace on WCS v 5.2.130

Answered Question
Mar 27th, 2009

I am having trouble getting the "switchport trace" for rogue devices working. I have imported a seed list of switches and made sure that the SNMP RW community is correct. However, I am still not able to run the trace and have it return any results - I always get "switchport trace failed". Has anybody got this working who could offer some additional insight? Thanks in advance.

Correct Answer
didyap Thu, 04/02/2009 - 09:47

Currently, WCS provides rogue access point detection by retrieving information from the controller. The rogue access point table is populated with any detected BSSID addresses from any frames that are not present in the neighbor list. At the end of a specified interval, the contents of the rogue table are sent to the controller in a Lightweight Rogue AP Report message. With this method, WCS would simply gather the information received from the controllers; but with software release 5.1, you can now incorporate switch port tracing of wired rogue access point switch port. This enhancement allows you to react to found wired rogue access points and prevent future attacks. The trace information is available only in the WCS log and only for rogue access points, not rogue clients.

http://www.cisco.com/en/US/docs/wireless/wcs/5.2/configuration/guide/5_2ctrlcfg.html#wp1089752

nagel Thu, 04/02/2009 - 10:15

Thanks for forcing me to take another look. It appears that I was trying to trace Rogues that were detected but not actually plugged into my switches. Under a controlled simulation - I find that the feature actually works.
