I have a situation where there appears to either be a rogue AP in one of our buildings or it is an AP that was missed when we were coverting them over to lightweight mode because it has the same SSID that we are using and is Cisco but my AP's are not finding it friendly.
I would like to try and find this AP, while WCS has given me a good idea on the location, I am looking for software for my laptop that could help me narrow it down even more.
Is there some software that will show all of the access points that my laptop sees as well as their mac address and strenght? I think a wireless site survey tool might work. But, I dont think I can use Cisco's since I will be using a lenovo laptop with its built in wireless card. Does anyone have some recommendations on some software for this task?
Netstumbler helped me find the AP. Although it looks like the wireless card on my lenovo with a Intel 4965AGN doesnt work very good with Netstumbler. However my co-workers laptop worked perfect for it.
Cisco network switches you can use the Network Assistant to do a ping and trace to its IP address and it will tell you what switch to what switch it travels through. You can then identify which port on the switch and track it from there.
Depending on financial constraints etc either buy a good survey software, either Ekahau or AirMagnet or use the WCS. With floor plans etc it will capture all mac addresses etc and will allow you to record the ongoing condition of your WLAN on a regular basis
3) if you have severals base stations in the surroundings you can get the general idea of what area to look in by checking the signal streangth of the rouge AP in the different APs. just map it out in a building/surrounding area type of map.
I would look at a directional antenna and cover the ground quickly to find the rouge ap. netstumbler helps out alot.
is the keys and encryptions correct on the rouge AP ? then its probably one you have missed or a serious try to break in to your company.
then just look in your installment plans and check wich one is in that location that you do not have control over.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...