Hi there, we are running a Cisco 5500 Wireless LAN Controller. When I look at the Rogues pages, a number of access points have been identified. I tried to search for their MAC addresses in our network, but cannot find any. My understanding is that those APs are not necessarily ones connected to our LAN network; they are just detected by our LAP over the air, and most of them are APs running in the next-door office. Am I correct on that? Thanks in advance. Roy
Yes, I agree that there is a difference between the radio MAC and the MAC of an AP. In the Rogue AP details, it shows both addresses. I used the MAC of the AP to trace which switch and switch port it is associated with, but I do not see any; therefore I assume it is picked up via air, not really directly connected to our LAN network.
Just because you can't find the ethernet MAC address in your core switch doesn't mean the WAP is not INSIDE your premises.
The only way to be 100% certain is to find it by triangulating the location.
I've worked in a government facility before and they have ZERO policy with wireless (due to management ignorance). But this never stopped staff from bringing in their own laptops into the office, plugging a 3G USB modem into it, and attaching an Ethernet cable to the office network. Tah-dah!
Rogue means any wireless device not managed by your WLC that comes inside your AP coverage area. The same mobility group and same RF group name are an exception. So detected rogues are not necessarily in your wired network. There are multiple options available in the WLC to validate whether a rogue is on the wire or not. RLDP is one mechanism; unfortunately it works only if the SSID broadcast by the rogue AP is open. The other option is a rogue detector AP, which works only if the rogue is in your same L2 network. Try enabling these methods so you can validate whether the rogue is on the wire or not. Hope this helps.
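The switch-side lookup discussed in this thread, as an added example that is not from any of the posters: it normalizes the rogue MAC as the WLC displays it (colon format) and searches Cisco IOS `show mac address-table` output (dotted format) for that address or an adjacent one. The sample table, the MAC addresses and the `window` parameter are constructed assumptions.

```python
import re

# Constructed sample of Cisco IOS "show mac address-table" output (not real data).
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    a0b1.c2d3.e4f1    DYNAMIC     Gi1/0/12
  20    0c11.2233.44aa    DYNAMIC     Gi1/0/24
"""

CAM_LINE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)

def mac_to_int(mac):
    """Accept colon, dash or Cisco dotted notation; return the 48-bit value."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def parse_cam(text):
    """Yield (vlan, mac_int, port) for each entry line; headers are skipped."""
    for line in text.splitlines():
        m = CAM_LINE.match(line)
        if m:
            yield int(m.group(1)), mac_to_int(m.group(2)), m.group(3)

def find_rogue_on_wire(rogue_macs, cam_text, window=1):
    """Return CAM entries whose MAC is within +/- window of any rogue MAC.

    window=1 is an assumption: many APs number their wired and radio
    interfaces consecutively, so the wired MAC may sit next to the radio MAC.
    """
    targets = [mac_to_int(m) for m in rogue_macs]
    hits = []
    for vlan, mac, port in parse_cam(cam_text):
        for t in targets:
            if abs(mac - t) <= window:
                hits.append({"vlan": vlan, "port": port,
                             "cam_mac": f"{mac:012x}", "offset": mac - t})
    return hits

if __name__ == "__main__":
    # Constructed rogue radio MAC in the colon format shown by the WLC.
    for hit in find_rogue_on_wire(["a0:b1:c2:d3:e4:f0"], SAMPLE_CAM):
        print(hit)
```

An empty result only means the address was not learned on that switch; as the replies above point out, it does not prove the rogue is off the wire.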