cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1035
Views
5
Helpful
5
Replies

Block Rogue APs with Cisco Mobility Express 526?

damiangallo
Level 1
Level 1

I know larger Cisco Wireless LAN controllers have the ability to block Rogue APs. I have not seen this same feature in the 526. Is it possible to block APs that are not part of my wireless network.

There are 3 Cisco 521 APs and a Cisco 526 controller. There are APs in the buildings around the office building where the wirless is installed using the same channels as my APs. (1, 6 and 11)

What can I do to stop these rogue APs from interfering?

Thanks

5 Replies 5

jeromehenry_2
Level 3
Level 3

Hi,

2 points:

- Rogue policies are available on the 526 just like on the Enterprise solution (Check under Security > Wireless Protection Policies > Rogue policies)... but it may depend on which version of the code you run. This feature is available from release 5.2.157.

- Rogues are supposed to be illegitimate APs in your network, not legitimate APs belonging to your neighbors. In most countries, containing legitimate neighbor APs is illegal... as you cannot contain these legitimates APs, RRM is your best friend to automatically place your APs on the channels less affected by neighboring APs...

Hope it helps

Jerome

Jerome,

Thanks for the post. I noticed earlier in the controller under the RRM settings that the DCA channels were set to use only 1, 6, 11. I am assuming since there are 3 APs and there were three channels available that each AP used one of those channels. Those three channels also overlapped with the neighboring APs and therefore caused some issues.

Since then I have expended the DCA settings to include all the channels, but the APs in my office are still using 1,6, and 11. I did see some notifications that Rogue APs have been detected and were removed from base radio, but how can I be sure that RRM is working as it is supposed to?

I feel like the minute I turn my back the connection problems will start again. :)

I also noticed that I am running software version 4.2.61.8, which looks like it is an old version.

0 Wed Oct 28 17:35:56 2009 Rogue : 00:1f:33:c1:55:18 removed from Base Radio MAC : 00:1c:b0:05:36:60 Interface no:0(802.11b/g)

1 Wed Oct 28 17:15:55 2009 Rogue AP : 00:1f:33:c1:55:18 detected on Base Radio MAC : 00:1c:b0:05:36:60 Interface no:0(802.11b/g) with RSSI: -91 and SNR: -1

2 Wed Oct 28 16:44:57 2009 Rogue : 00:1f:33:c1:55:18 removed from Base Radio MAC : 00:1c:b0:05:36:60 Interface no:0(802.11b/g)

You know,

DCA is enabled by default, and there are only 3 non-overlapping channels anyway. Your APs are better on channels 1,6 and 11, hearing the neighboring APs (and taking their signals into account to determine when to send and when to stay quiet) than on other channels, where they would still get the interference but without the ability to hear when to stay quiet. RRM is a complex algorithm. You can learn more about here in places like here http://www.youtube.com/watch?v=gwCxVwmHnRw

Then trust it... and test if you want. You will probably find that the RRM algorithm takes the best decisions and optimizes your network given its RF possibilities... that's what it has been built for, and I honestly see very few cases when you would want to override its decisions...

Jerome,

I think this is now a wait and see game. Now there are more channels to use I think the problem I was having may be fixed, but until we use it for a while, we will not know.

Thanks for the video.

dmuralis
Level 1
Level 1

Hi- I agree with Jerome. If your APs see packets from any other AP that are not part of the same RF group, they will report them as rogues.

Auto-rf is recommended to remain on since if there is too much interference in that channel, that will be taken into account by the controller for RRM algorithm amongst other things, and your AP channel will be changed should it be required.

Since you know that these ar your neighboring APs, you can mark them as Known External.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: