Understanding Neighbor and Rogue AP


Sun, 02/24/2013 - 16:16
User Badges: Cisco Employee

Two WLCs (tested between 6.X and 7.X) were used, and the APs on the two WLCs can see each other wirelessly:

Case  Mobility Tunnel             Mobility Group name  RF Group name    Should they find as Rogues  Should they find as neighbors
1     Mobility tunnel UP          Similar name         Similar name     NO                          YES
2     Mobility tunnel UP          Similar name         Dissimilar name  See Exception               See Exception
3     Mobility tunnel UP          Dissimilar name      Similar name     NO                          YES
4     Mobility tunnel UP          Dissimilar name      Dissimilar name  See Exception               See Exception
5     Not wired / Not configured  Similar name         Blank            YES                         NO
6     Not wired / Not configured  Dissimilar name      Blank            YES                         NO


(The RF group name is mandatory, while the Mobility group name is optional, meaning it can be left blank.)


Mobility tunnel down for a brief moment or down permanently - Not sure how it should behave when they're down for a brief moment, if they knew each other before, i.e., Rogues, neighbors, joined APs. However, when the tunnel is down permanently, irrespective of Mobility & RF group name, the WLCs have to find each other as Rogues & RF grouping can't be formed for neighbor update, but the joined APs are also going to be listed as Rogues from the other WLC.


Note: Only the Mobility tunnel status matters. The Mobility group name has nothing to do with RF grouping/Rogues/Neighbors.


Exception:

       Between two 7.0 code:

       Different RF-group name with Mobility path UP between two Controllers.

       APs on both WLCs can't be Rogues & can't be neighbors.

       They are not Rogues because they are joined to another WLC with which a Mobility tunnel has been formed, and they can't be neighbors because they have a different RF group name. They may be seen as neighbors at the AP level, but those APs are not involved in forming RRM/RF grouping, as there are many checks. The same applies to Rogues: APs from WLC2 could be seen as Rogues at the AP level, but they won't be listed as Rogues in WLC1.


       Between two 6.0 code:

       Since the RF-group names are dissimilar, RF grouping is not formed and they'll find each other as Rogues even though the Mobility tunnel is UP between both WLCs.


To give an additional RRM perspective:
For 7.x release:
(1) The AP recognizes another AP as a valid RF neighbor if the RF domain name is the same.
(2) The AP sends that information to the WLC.
(3) The WLC uses the AP info to establish a connection with other valid WLCs, and each WLC does a series of checks during this time (for country matches, version, hierarchy, scale limits & others) before forming an auto mode RF group (RRM), either as a leader or a member.
(4) All APs which are not part of this RF group are considered to be foreign APs (equivalent to rogue APs). The WLC-WLC communication should only happen if a valid mobility tunnel is established.


Any reason for the different RF group names if the APs can physically hear each other?

(1) RF group names are usually consistent across a single deployment.
(2) APs which have unrecognizable neighbor packets or wrong entries are deemed rogues.
(3) If there were Cisco APs with two different RF groups, they would hear each other but wouldn't populate the other in the RF neighbor list. (This RF list is sent to the WLC for further munching as discussed above.)
(4) Usually, when two local neighborhoods have widely varying RF characteristics, the network admin may adopt two RF group names to separate the two RF neighborhoods, or they may belong to two different networks.
(5) From the above information we see that the AP neighborhood determines RF grouping (auto-mode), Rogue classification and other behavior, not vice versa.
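The table and the Exception section above, written as a triage helper for a WLC's rogue list. This is an added example, not Cisco code: the `WLC` record, the `expected` and `triage` functions and all sample values are hypothetical, and it assumes you keep your own inventory of which AP BSSIDs are joined to which controller.

```python
from dataclasses import dataclass, field

@dataclass
class WLC:                      # hypothetical inventory record, not a Cisco API object
    name: str
    major: int                  # software major release: 6 or 7
    rf_group: str
    tunnels_up: set = field(default_factory=set)  # peers with mobility tunnel UP
    aps: set = field(default_factory=set)         # BSSIDs of APs joined to this WLC

def expected(local, peer):
    """(rogue, neighbor) that `local` should report for `peer`'s APs, or None
    where the page gives no rule (mixed 6.x/7.x with different RF groups)."""
    if peer.name not in local.tunnels_up:
        return (True, False)                  # cases 5-6, or tunnel permanently down
    if local.rf_group == peer.rf_group:
        return (False, True)                  # cases 1 and 3
    if local.major == peer.major == 7:
        return (False, False)                 # exception, 7.0: neither rogue nor neighbor
    if local.major == peer.major == 6:
        return (True, False)                  # exception, 6.0: rogue despite tunnel UP
    return None

def triage(local, peers, rogue_bssids):
    """Label each rogue entry reported by `local` against the inventory."""
    out = {}
    for bssid in rogue_bssids:
        owner = next((p for p in peers if bssid in p.aps), None)
        if owner is None:
            out[bssid] = "unmanaged: investigate as real rogue"
            continue
        exp = expected(local, owner)
        if exp is None:
            out[bssid] = f"managed by {owner.name}: no rule for mixed releases"
        elif exp[0]:
            out[bssid] = f"managed by {owner.name}: rogue listing expected"
        else:
            out[bssid] = f"managed by {owner.name}: unexpected, check tunnel state"
    return out

# Constructed sample data (names, RF groups and BSSIDs are made up).
wlc1 = WLC("wlc1", 7, "campus", {"wlc2"}, {"00:00:5e:00:53:01"})
wlc2 = WLC("wlc2", 7, "campus", {"wlc1"}, {"00:00:5e:00:53:02"})
wlc3 = WLC("wlc3", 7, "lab", set(), {"00:00:5e:00:53:03"})
report = triage(wlc1, [wlc2, wlc3],
                ["00:00:5e:00:53:02", "00:00:5e:00:53:03", "00:00:5e:00:53:99"])
```

An entry labelled "unexpected" is an AP from a peer that, per the table, should be a neighbor or be suppressed; the page's note on tunnel status makes the mobility tunnel the first thing to check.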





