Wired Rogue detection

mark.cronin
Level 2

At present there are 2 options for wired to LAN wireless rogue detection

1) Enable Rogue Location Discovery Protocol which can detect wired to LAN access points that have open authentication

2) Deploy dedicated rogue detector access points which compare the wired ARP tables with the wireless ARP tables on the WLCs.

You can see the problem with option 1 - the rogue AP can only be detected if open authentication is used.

You can also see the problem with option 2 in the cost of deploying dedicated APs.

Do you think in future releases of WCS the rogue detector AP can be replaced by simply getting the ARP table from the wired infrastructure via SNMP?

Does anybody know if this is a roadmap item for the WCS?

6 Replies

Leo Laohoo
Hall of Fame

I have never deployed APs in Rogue Detection mode, but I do get alarms for Rogues.

I am curious to know why you want to deploy a dedicated AP as a Rogue AP Detector when by default, AP can detect and "prosecute" Rogues.

My experience has been the only way to detect a Rogue on the WIRED is with an AP in Rogue Detection Mode. I found this out by accident in my lab ... I had an autonomous 1200 side by side for months and it saw it as a rogue on the wireless. When I turned my LWAPP AP into a rogue detector it quickly identified it on the wired.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

OK - So if you have 40 access switches you will need 40 rogue detector APs.

This is a substantial cost.

I am hoping that in future releases of Cisco WCS they will be able to interrogate the access switches for ARP traffic via SNMP rather than deploy the Rogue APs.

Do you think this will be possible?

With Rogue Location Discovery Protocol (RLDP) enabled you will only be able to detect if a Rogue AP is connected to your network if the authentication is OPEN.

If the Rogue AP has any authentication enabled then you will not be able to detect if the AP is connected to your network.

I think this is a big limitation of RLDP.

So fill me in ... the ARP would only be local to the access switch, that's why you would have one per switch? Can you fill in that gap for me?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

In older campus wired LAN designs with a Layer 3 collapsed core/distribution and a Layer 2 access layer, the dedicated rogue detector was viable, as you could configure the port on the collapsed core/distribution switch that it was connected to as a trunk, and the rogue detector could monitor all of the VLANs for ARP information. With newer campus wired LAN designs with Layer 3 at the access layer, there is a requirement to install a rogue detector on all access switches.
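The comparison the thread asks WCS to do, as an added example that is not part of the original thread and not Cisco code: parse a constructed snmpwalk-style dump of an access switch's ARP table (IP-MIB ipNetToMediaPhysAddress) and match it against rogue BSSIDs a WLC reported over the air. The `max_offset` tolerance is an assumption modelled on the idea that an AP's Ethernet MAC and its BSSIDs usually come from one small block; all MACs and IPs are made up.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample: snmpwalk-style output of IP-MIB::ipNetToMediaPhysAddress
# (1.3.6.1.2.1.4.22.1.2) from one access switch. All values are made up.
WIRED_ARP_WALK = """\
IP-MIB::ipNetToMediaPhysAddress.10.10.20.1 = STRING: 0:1e:13:aa:bb:c0
IP-MIB::ipNetToMediaPhysAddress.10.10.20.57 = STRING: 0:24:d7:11:22:33
IP-MIB::ipNetToMediaPhysAddress.10.10.20.88 = STRING: 0:1a:1e:55:66:78
IP-MIB::ipNetToMediaPhysAddress.10.10.20.91 = STRING: 0:0c:29:9a:bc:de
"""

# Constructed rogue BSSIDs as a WLC would report them from over-the-air scans (made up).
ROGUE_BSSIDS = ["00:24:d7:11:22:33", "00:1a:1e:55:66:7a", "00:13:10:de:ad:01"]

ARP_LINE = re.compile(
    r"ipNetToMediaPhysAddress\.(\d+\.\d+\.\d+\.\d+)\s*=\s*STRING:\s*([0-9a-fA-F:]+)"
)

def normalize_mac(mac: str) -> str:
    """Zero-pad each octet and lower-case, so '0:1e:...' and '00:1E:...' compare equal."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp_walk(text: str) -> Dict[str, str]:
    """Map normalized wired MAC -> IP address from the snmpwalk-style dump."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            table[normalize_mac(match.group(2))] = match.group(1)
    return table

def mac_distance(a: str, b: str) -> int:
    """Absolute difference of two MACs taken as 48-bit integers (huge if the OUIs differ)."""
    return abs(int(a.replace(":", ""), 16) - int(b.replace(":", ""), 16))

def rogues_on_wire(bssids: Iterable[str], arp: Dict[str, str],
                   max_offset: int = 8) -> List[Tuple[str, str, str]]:
    """Return (bssid, wired_mac, ip) for every rogue BSSID seen on the switch.

    An exact match counts, and so does a wired MAC within max_offset of the BSSID.
    The offset rule is an assumption (heuristic), not a documented Cisco algorithm.
    """
    hits = []
    for bssid in map(normalize_mac, bssids):
        for wired_mac, ip in arp.items():
            if mac_distance(bssid, wired_mac) <= max_offset:
                hits.append((bssid, wired_mac, ip))
    return hits
```

In a real deployment the dump would come from each Layer 3 access switch (one SNMP walk per switch replaces one rogue detector AP per switch), and a hit should raise the same alarm a rogue detector would.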
