Rogue AP Detection and elimination

Unanswered Question
Dec 30th, 2011

I have detected some rogue APs via our WCS but I don't know how to deauthenticate them so they become unusable.

there is one option i got to "contain" them

but i don't know how to contain them

any body has idea that how i can contain them from WCS or WLC


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Scott Fella Fri, 12/30/2011 - 05:53

It's illegal (well you can get in trouble) to do this and really shouldn't be used, but here is a link.

You can also use the WLC.  Go to Monitor | Rogues | Choose one from the list and then click on the mac address of the rogue AP.  There is a drop down box that has the containment.

Sent from Cisco Technical Support iPhone App

George Stefanick Fri, 12/30/2011 - 08:01

So you know how this works. Your access points will spoof the mac address of the rogue access point and will flood the air with deauthentication frames. This tells clients that want to attach to the rogue access point to "go away".

As Scott points out there could be legal ramifications to this.


This Discussion