Rogue detection

Answered Question
Jul 30th, 2010

Hi,

I need some clarification about rogue AP detection. First, in order to configure passive rogue detection, is it necessary just to set up a rogue detector AP, or do I also need to enable RLDP? Second, in your experience, how reliable is it?

Thanks,
Matteo


Correct Answer by Rollin Kibbe (Cisco Employee), Mon, 08/16/2010 - 10:33

Hi Matteo:


Passive rogue detection is just on--no rogue detector AP required!  Just like anything else in life, the more resources you put toward something, the better it's going to be.  If you have AP Authentication or MFP configured (which you should anyway), you'll have fewer false alarms and the routines will know not to call your own APs rogues.

RLDP will tell you if a rogue AP is just cabled up in your network but doesn't have any clients yet, and it will allow you to do switchport tracing to find one from the switch side.

Rogue Detector APs don't handle client traffic; they just dedicate themselves to listening and reporting rogue activity back to the controller.  In a world where budgets are tight, we hear that it can be tough to get funding for APs that don't service clients.

Again, you don't *have* to do any of it; it's just that the more you put in, the more accurate your results will be.


As for inaccuracies, those usually come from folks having things misconfigured in their network or not having enough configured (i.e., choosing not to use RLDP or rogue detectors).


Sincerely,


Rollin Kibbe

Network Management Systems Team
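The workflow in the answer above, as an added example that is not from this thread and not Cisco's code: managed APs overhear neighbouring BSSIDs while serving clients (passive detection), the controller drops BSSIDs that belong to its own authenticated APs (the role AP Authentication/MFP plays in suppressing false alarms), and what is left is checked against an RLDP result or the switches' MAC-address tables to decide whether a rogue is actually cabled into the network and on which port. Everything here is modelled in plain Python with constructed data: the MACs, AP names, switch names and ports are made up, nothing talks to a controller, and the idea that a small AP's wired MAC sits within a few addresses of its radio MAC (the +/-16 window used for the trace) is an assumption of this example, not a Cisco constant.

```python
"""Rogue-AP triage: passive detection, trusted-AP filtering, on-wire check.

Added example; not Cisco code. All sample data below is constructed and the
+/-16 MAC window is an assumption, not a documented controller setting.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple


def mac_to_int(mac: str) -> int:
    """'02:aa:bb:12:34:56' -> 0x02aabb123456 (':' or '-' separators accepted)."""
    return int(mac.replace(":", "").replace("-", "").lower(), 16)


def oui(mac: str) -> str:
    """First three octets in lower-case colon form, e.g. '02:aa:bb'."""
    return ":".join(f"{(mac_to_int(mac) >> s) & 0xFF:02x}" for s in (40, 32, 24))


@dataclass
class RogueEntry:
    bssid: str
    ssid: str
    heard_by: Set[str] = field(default_factory=set)   # managed APs that overheard it
    rssi_max: int = -100
    clients: int = 0


def collect_passive(scans: Iterable[Tuple[str, str, str, int, int]],
                    managed_bssids: Iterable[str]) -> Dict[str, RogueEntry]:
    """Merge per-AP scan reports (reporting_ap, bssid, ssid, rssi, clients)
    into one rogue table. BSSIDs of our own managed APs are trusted and
    skipped, which is what keeps the controller's own radios off the list."""
    trusted = {m.lower() for m in managed_bssids}
    table: Dict[str, RogueEntry] = {}
    for ap_name, bssid, ssid, rssi, nclients in scans:
        b = bssid.lower()
        if b in trusted:
            continue
        entry = table.setdefault(b, RogueEntry(b, ssid))
        entry.heard_by.add(ap_name)
        entry.rssi_max = max(entry.rssi_max, rssi)
        entry.clients = max(entry.clients, nclients)
    return table


def switchport_trace(bssid: str, mac_table: List[dict],
                     window: int = 16) -> Optional[Tuple[str, str, str]]:
    """Locate the switch port behind a rogue BSSID.
    Assumption: the rogue's Ethernet MAC shares the BSSID's OUI and lies
    within `window` addresses of it. Returns (switch, port, wired_mac) for
    the closest such MAC-table row, or None if nothing matches."""
    target = mac_to_int(bssid)
    best = None
    for row in mac_table:
        if oui(row["mac"]) != oui(bssid):
            continue
        dist = abs(mac_to_int(row["mac"]) - target)
        if dist <= window and (best is None or dist < best[0]):
            best = (dist, row)
    if best is None:
        return None
    row = best[1]
    return row["switch"], row["port"], row["mac"].lower()


def classify(table: Dict[str, RogueEntry], mac_table: List[dict],
             rldp_on_wire: Dict[str, bool]) -> Dict[str, dict]:
    """'on-wire' if RLDP reached the controller through the rogue or a switch
    port was traced; otherwise 'unclassified' (heard over the air only)."""
    verdicts = {}
    for bssid, entry in table.items():
        trace = switchport_trace(bssid, mac_table)
        on_wire = rldp_on_wire.get(bssid, False) or trace is not None
        verdicts[bssid] = {
            "status": "on-wire" if on_wire else "unclassified",
            "ssid": entry.ssid,
            "heard_by": sorted(entry.heard_by),
            "rssi_max": entry.rssi_max,
            "clients": entry.clients,
            "trace": trace,
        }
    return verdicts


# Constructed sample data; not captured from any real network.
MANAGED_BSSIDS = ["02:11:22:a0:00:00", "02:11:22:a0:00:10"]
SCANS = [
    ("AP-Lobby",  "02:11:22:a0:00:10", "corp",     -50, 12),  # our own AP: must be dropped
    ("AP-Lobby",  "02:aa:bb:12:34:56", "HomeWifi", -62, 0),   # cabled-in rogue, no clients yet
    ("AP-Floor2", "02:aa:bb:12:34:56", "HomeWifi", -71, 0),
    ("AP-Floor2", "02:cc:dd:ab:cd:ef", "Neighbor", -85, 3),   # next door, not on our wire
]
MAC_TABLE = [  # as if pulled from the switches' MAC address tables
    {"switch": "sw-floor1", "port": "Gi1/0/12", "mac": "02:aa:bb:12:34:54"},
    {"switch": "sw-floor1", "port": "Gi1/0/3",  "mac": "02:11:22:a0:00:01"},
    {"switch": "sw-core",   "port": "Gi1/0/48", "mac": "02:cc:dd:00:00:01"},
]
RLDP_RESULTS: Dict[str, bool] = {}  # RLDP learned nothing, e.g. the rogue is encrypted


def run_triage() -> Dict[str, dict]:
    return classify(collect_passive(SCANS, MANAGED_BSSIDS), MAC_TABLE, RLDP_RESULTS)


if __name__ == "__main__":
    for bssid, v in run_triage().items():
        print(f"{bssid} {v['status']:12} ssid={v['ssid']} "
              f"heard_by={v['heard_by']} trace={v['trace']}")
```

With the constructed data, the controller's own BSSID never reaches the rogue table, the "HomeWifi" AP heard by two managed APs is traced to sw-floor1 Gi1/0/12 even though it has no clients and RLDP produced nothing, and the neighbour's AP stays unclassified because no wired MAC near its BSSID exists on our switches. In practice the MAC-table rows come from the switches (SNMP or CLI) and the RLDP verdict from the controller; this block only shows how the pieces combine.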
