Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
588
Views
0
Helpful
2
Replies

LAP 1131 Monitor mode configuration

dlongworth
Level 1
Level 1

‎05-06-2007 09:17 PM - edited ‎07-03-2021 02:02 PM

Hi,

Can anyone assist me in setting up monitor-mode on an 1131?

I've got WCS, WiSMs and 27 flrs (27 vlans) of LAPs. I want to test 'Monitor Mode' on a dedicated LAP. I've got as far as configuring a trunk on the connecting switch, for the LAP, but I'm unsure where to go next.

How do I know/verify it's working or building an ARP cache?

Labels:
0 Helpful
2 Replies 2

Rob Huffman
Hall of Fame
Hall of Fame

‎05-08-2007 05:28 AM

Hi David,

Maybe this will help get you started;

The Monitor function is set for all 802.11 Cisco Radios on a per-access point basis using any of the Cisco Wireless LAN Controller user interfaces.

You can configure an individual AP mode simply, once the Lightweight AP is connected to the controller. In order to change the AP mode, connect to the controller web-interface and navigate to Wireless. Click on Details next to the desired AP to in order to display a configuration screen.

A Lightweight AP mode of operation defines the role of the AP. The modes related to the information presented in this document are:

Local This is the normal operation of an AP. This mode allows data clients to be serviced while configured channels are scanned for noise and rogues. In this mode of operation, the AP goes off-channel for 50 ms and listens for rogues. It cycles through each channel, one at a time, for the period specified under the Auto RF configuration.

Monitor This is radio receive only mode, and allows the AP to scan all configured channels every 12 seconds. Only de-authentication packets are sent in the air with an AP configured this way. A monitor mode AP can detect rogues, but it cannot connect to a suspicious rogue as a client in order to send the RLDP packets.

Note: DCA refers to non-overlapping channels that are configurable with the default modes.

Rogue Detector In this mode, the AP radio is turned off, and the AP listens to wired traffic only. The controller passes the APs configured as rogue detectors as well as lists of suspected rogue clients and AP MAC addresses. The rogue detector listens for ARP packets only, and can be connected to all broadcast domains through a trunk link if desired.

From this good doc;

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml

Hope this helps!

Rob

0 Helpful

dlongworth
Level 1
Level 1
In response to Rob Huffman

‎05-22-2007 09:49 PM

Thx for your feedback Rob.

Have you tested or deployed this? Does it work well?

Cheers

David

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card