Rogue AP Detection and elimination

Unanswered Question
Dec 30th, 2011
User Badges:

I have detected some rogue APs via our WCS but I don't know how to deauthenticate them so they become unusable.


there is one option i got to "contain" them


but i don't know how to contain them


any body has idea that how i can contain them from WCS or WLC


thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Fri, 12/30/2011 - 05:53
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

It's illegal (well you can get in trouble) to do this and really shouldn't be used, but here is a link.


http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0sol.html#wp1040128


You can also use the WLC.  Go to Monitor | Rogues | Choose one from the list and then click on the mac address of the rogue AP.  There is a drop down box that has the containment.



Sent from Cisco Technical Support iPhone App

George Stefanick Fri, 12/30/2011 - 08:01
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

So you know how this works. Your access points will spoof the mac address of the rogue access point and will flood the air with deauthentication frames. This tells clients that want to attach to the rogue access point to "go away".


As Scott points out there could be legal ramifications to this.

Actions

This Discussion