04-14-2009 07:30 AM - edited 07-03-2021 05:26 PM
At present there are 2 options for wired to LAN wireless rogue detection
1) Enable Rogue Location Discovery Protocol which can detect wired to LAN access points that have open authentication
2) Deploy dedicated rogue detector access points which compare the wired ARP tables with the wireless ARP tables on the WLCs.
You can see the problem with option 1 - the rogue AP can only be detected if open authentication is used.
You can also see the problem with option 2 in the cost of deploying dedicated APs.
Do you think in future releases of WCS the rogue detector AP can be replaced by simply getting the ARP table from the wired infrastructure via SNMP?
Does anybody know if this is a roadmap item for the WCS?
04-14-2009 05:40 PM
I have never deployed APs in Rogue Detection mode, but I do get alarms for Rogues.
I am curious to know why you want to deploy a dedicated AP as a Rogue AP Detector when, by default, an AP can detect and "prosecute" Rogues.
04-14-2009 07:55 PM
My experience has been that the only way to detect a Rogue on the WIRED side is with an AP in Rogue Detection Mode. I found this out by accident in my lab ... I had an autonomous 1200 side by side for months and it saw it as a rogue on the wireless. When I turned my LWAPP AP into a rogue detector it quickly identified it on the wired side.
04-15-2009 12:27 AM
OK - So if you have 40 access switches you will need 40 rogue detector APs.
This is a substantial cost.
I am hoping that in future releases of Cisco WCS they will be able to interrogate the access switches for ARP traffic via SNMP rather than deploy the Rogue APs.
Do you think this will be possible?
04-15-2009 12:21 AM
With Rogue Location Discovery Protocol (RLDP) enabled you will only be able to detect if a Rogue AP is connected to your network if the authentication is OPEN.
If the Rogue AP has any authentication enabled then you will not be able to detect if the AP is connected to your network.
I think this is a big limitation of RLDP.
04-15-2009 07:28 AM
So fill me in ... the ARP would only be local to the access switch, that's why you would have one per switch? Can you fill in that gap for me?
04-16-2009 12:36 AM
In older campus wired LAN designs, with a Layer 3 collapsed core/distribution and a Layer 2 access layer, the dedicated rogue detector was viable: you could configure the port on the collapsed core/distribution switch that it was connected to as a trunk, and the rogue detector could monitor all of the VLANs for ARP information. With newer campus wired LAN designs, with Layer 3 at the access layer, there is a requirement to install a rogue detector on all access switches.
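The SNMP-based alternative proposed in this thread, as an added example that is not code from the thread or from Cisco: it parses constructed snmpwalk-style output of IP-MIB::ipNetToMediaPhysAddress from two Layer 3 access switches (each holding only its own ARP table, as the last post describes), then checks whether any rogue BSSID or rogue-client MAC reported by the WLC appears on the wire. Switch names, addresses, MACs and the WLC rogue list are all constructed; exact-BSSID matching is a simplifying assumption, since a rogue AP's wired MAC is not guaranteed to equal its BSSID.

```python
import re

# Constructed snmpwalk-style output (net-snmp prints unpadded hex octets) from
# two hypothetical Layer 3 access switches, keyed by switch name.
WIRED_ARP_WALKS = {
    "access-sw-01": """
IP-MIB::ipNetToMediaPhysAddress.10.10.1.1.20 = STRING: 0:1a:2b:3c:4d:5e
IP-MIB::ipNetToMediaPhysAddress.10.10.1.1.21 = STRING: 0:1a:2b:3c:4d:5f
IP-MIB::ipNetToMediaPhysAddress.12.10.1.1.77 = STRING: 0:c0:ff:ee:12:34
""",
    "access-sw-02": """
IP-MIB::ipNetToMediaPhysAddress.10.10.1.2.30 = STRING: 0:11:22:33:44:55
""",
}

# Constructed rogue list as the WLC would report it from over-the-air detection.
WLC_ROGUES = [
    {"bssid": "00:c0:ff:ee:12:34", "ssid": "FreeWifi", "clients": ["00:aa:bb:cc:dd:01"]},
    {"bssid": "00:de:ad:be:ef:00", "ssid": "Guest", "clients": ["00:11:22:33:44:55"]},
    {"bssid": "00:99:88:77:66:55", "ssid": "Lab", "clients": []},
]

# ipNetToMediaPhysAddress is indexed by <ifIndex>.<ipv4 address>
ARP_LINE = re.compile(
    r"ipNetToMediaPhysAddress\.(\d+)\.(\d+\.\d+\.\d+\.\d+) = STRING: ([0-9a-fA-F:]+)"
)

def norm_mac(mac):
    """Zero-pad and lowercase so '0:C0:..' and '00:c0:..' compare equal."""
    return ":".join(p.zfill(2) for p in mac.lower().split(":"))

def parse_arp_walk(text):
    """Return {mac: (ifIndex, ip)} for one switch's ARP walk."""
    return {norm_mac(m.group(3)): (int(m.group(1)), m.group(2))
            for m in ARP_LINE.finditer(text)}

def find_wired_rogues(walks, rogues):
    """Rogues whose BSSID or any wireless client MAC shows up in a wired ARP table.
    A client MAC on the wire means the rogue AP is bridging onto the LAN."""
    wired = {}
    for switch, text in walks.items():
        for mac, (ifidx, ip) in parse_arp_walk(text).items():
            wired[mac] = (switch, ifidx, ip)
    findings = []
    for rogue in rogues:
        for mac in [rogue["bssid"]] + rogue["clients"]:
            key = norm_mac(mac)
            if key in wired:
                switch, ifidx, ip = wired[key]
                findings.append({"bssid": rogue["bssid"], "ssid": rogue["ssid"],
                                 "matched_mac": key, "switch": switch,
                                 "ifIndex": ifidx, "ip": ip})
                break  # one hit is enough to flag this rogue as on-wire
    return findings
```

With a real collector, the walk text would come from snmpwalk against each access switch, which is why this approach needs every Layer 3 access switch polled rather than one trunk port.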