How can I block illegal wireless using WCS?

Unanswered Question
Dec 29th, 2009
User Badges:


I wondering if there is a way in WCS to prevent or shut any new wireless Networks that it sees other than its managed ones? If WCS does not do it is there a software.


B Mathews

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kayle Miller Tue, 12/29/2009 - 10:19
User Badges:
  • Silver, 250 points or more


     There are containment features for rogue access points (or atleast there used to be), it is not advised for legal reasons. Since the 2.4Ghz (802.11b/g/n) and 5Ghz (802.11a/n) frequencies are unlicensed it means anyone can use them at any time as long as they don't exceed the FCC maximum power limits, if you were to Jam them or act in such a way as to inhibit any persons use of the band then you would be breaking an FCC law (See FCC Part 15); Which basically states "any such device is that it may not cause any harmful interference." and theoretically since that is the direct intent of jamming or containment is to cause harmful interference then could potentially seek legal action.

     So my advice to you would be to research it further before you take any actions and even then make sure you are legally covered, since you have no legal rights to the frequency and therefore can't claim it as solely your own, the same applies to the other, this is an area where it's best to try and work with the other WiFi owners and see if you can find a compromise.

Hope this helps.

George Stefanick Tue, 12/29/2009 - 12:08
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

To piggy back on KM post.

You can use Rogue Containment as an option. RC when enabled tells your Cisco APs to spoof the mac address of the rogue AP and send deauth frames to any clients wanting to attach to the rogue access point. So you dont touch the rogue AP, you just tell the clients not to attach to it.

keep in mind, I actually did some light testing where we had over 200 rogues and turned on full out RC on everything as a brift test. I found the medium suffered by 20% as the APs were taking up the medium sending excessive deauthication frames.

RC is mostly use to put a rogue in check until you can investgate it ... Not something that is niormally left on by most clients.

Leo Laohoo Tue, 12/29/2009 - 15:10
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

And to piggyback Kayles and George's post:

I have used the WLC/WCS Containment option successfully (much to the chagrin of my employer) several times.  Before we employed WCS and because of the serious repercussion if I "prosecuted" the wrong AP, I had to be very sure the Rogue AP and/or Clients were INSIDE the WLAN/LAN premises of my employer.  I don't care if the Rogue APs and/or Clients were OUTSIDE the physical building of my employer.  I was given the green-light for those found inside the four corners of the building.  I used a crude method of triangulating the location of the Rogue AP and contained the AP.

After several successful "prosecution" of Rogues, our team became known as the Wireless Gestapo.

My advice is:  Aim before you shoot.


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode