Cisco Support Community
New Member

Question on Rogue Access Point

Hi there, we are running a Cisco 5500 Wireless LAN Controller. When I look at the Rogues page, a number of access points have been identified. I tried to search for their MAC addresses in our network, but cannot find any. My understanding is that those APs are not necessarily ones which are connected to our LAN network; they are just detected by our LAPs over the air, and most of them are APs running in the office next door. Am I correct on that? Thanks in advance. Roy

5 REPLIES
Hall of Fame Super Gold

Question on Rogue Access Point

I tried to search for their MAC addresses in our network, but cannot find any.

You are looking at the WAP's radio MAC.  The Ethernet MAC is totally a different number.

My understanding is that those APs are not necessarily ones which are connected to our LAN network,

Not necessarily true.

New Member

Question on Rogue Access Point

Yes, I agree that there is a difference between the radio MAC and the MAC of an AP. In the rogue AP details it shows both addresses. I used the MAC of the AP to trace which switch and switch port it is associated with, but I do not see any; therefore I assume it is picked up over the air and not really directly connected to our LAN network.

New Member

Re: Question on Rogue Access Point

The "MAC address" field on the rogue AP detail page is the radio MAC of the possible rogue AP.

The "base radio MAC" field on the same page is the MAC of your own AP from the radio that detected the possible rogue.

Sent from Cisco Technical Support iPad App

Hall of Fame Super Gold

Re: Question on Rogue Access Point

I still disagree.

Just because you can't find the ethernet MAC address in your core switch doesn't mean the WAP is not INSIDE your premises.

The only way to be 100% certain is to find it by triangulating the location.

I've worked in a government facility before and they have ZERO policy with wireless (due to management ignorance).  But this never stopped staff from bringing their own laptops into the office, plugging a 3G USB modem into it, and attaching an Ethernet cable to the office network.  Tah-dah!

New Member

Re: Question on Rogue Access Point

Roy,

Rogue means any wireless device not managed by your WLC which comes inside your AP coverage area. The same mobility group and same RF group name is an exception. So detected rogues are not necessarily in your wired network. There are multiple options available in the WLC to validate whether a rogue is on the wire or not. RLDP is one mechanism; unfortunately it works only if the SSID broadcast by the rogue AP is open. The other option is a rogue detector AP, which works only if the rogue is in your same L2 network. Try enabling these methods so you can validate whether the rogue is on the wire or not. Hope this helps.
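
Added example, not part of any post in this thread: a Python sketch of the manual check discussed above, matching rogue radio MACs against a switch MAC address table while allowing for the radio MAC and Ethernet MAC being different numbers. It assumes a heuristic the thread does not state (on many APs the two addresses differ only by a small offset); the table text, the rogue list and the function names are constructed for illustration, and an empty result does not show that a rogue is off the wire.

```python
import re

# Constructed sample in the layout of `show mac address-table` (not real data).
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    a0b1.c2d3.e4f2    DYNAMIC     Gi1/0/7
  20    0c11.6700.9a10    DYNAMIC     Gi1/0/12
"""

# Constructed rogue radio MACs, as they would be copied from the WLC rogue list.
SAMPLE_ROGUES = ["a0:b1:c2:d3:e4:f0", "00:25:9c:aa:bb:cc"]

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I
)


def mac_to_int(mac):
    """Normalise any common MAC notation to a 48-bit integer."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return int(digits, 16)


def parse_mac_table(text):
    """Return (mac_int, mac_text, vlan, port) for each data row; skip headers."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((mac_to_int(m.group(2)), m.group(2), int(m.group(1)), m.group(3)))
    return rows


def wired_candidates(rogue_macs, table_text, window=4):
    """Map each rogue radio MAC to wired entries within +/- window of it.

    Assumption (heuristic): the Ethernet MAC sits numerically close to the
    radio MAC. A device that routes or NATs will never match this way.
    """
    rows = parse_mac_table(table_text)
    result = {}
    for rogue in rogue_macs:
        r = mac_to_int(rogue)
        result[rogue] = [
            (mac, vlan, port, w - r)
            for w, mac, vlan, port in rows
            if abs(w - r) <= window
        ]
    return result
```

A hit is only a lead to a switch port worth inspecting; it still needs confirming with the controller's own on-wire checks or by physically locating the device.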
