Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Rogue AP: Question

I need a bit of info with the below topics.

Q1. What is a Rogue AP?

Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?

Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?

Regards,

Colm

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Rogue AP: Question

For the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious.  Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.

Class Type:

unclassified  <---  AP detected but not matching any policy

friendly  <---  AP matches the criteria of a friendly AP

malicious <--- AP matches the criteria of a malicious AP

Update Status:

Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions

Alert  <-- Just a message saying there is a rogue

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
8 REPLIES

Re: Rogue AP: Question

Q1. What is a Rogue AP?

     A Rogue is an AP that we can hear, that is not part of the RF Group.  Rogue on the Wire is an AP that is not part of our RF Group, and is found in ARP on the LAN.

Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?

     WLC should alert you that there are other AP's out there that can be heard, by default.

Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?

     Yes, BUT!  There can be legal reprocutions from "containing" these rogues. Best bet, is to find out who owns them and work with them to get the power lowered.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Rogue AP: Question

Thanks Steve for great feedback.

How do the WLC 4400 block or contain these rougue access points. Can you explain the below options.

Class Type:

unclassified

friendly

malicious

Update Status:

Contain

Alert

Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?

     Yes, BUT!  There can be legal reprocutions from "containing" these rogues. Best bet, is to find out who owns them and work with them to get the power lowered.

Regards,

Colm

Re: Rogue AP: Question

For the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious.  Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.

Class Type:

unclassified  <---  AP detected but not matching any policy

friendly  <---  AP matches the criteria of a friendly AP

malicious <--- AP matches the criteria of a malicious AP

Update Status:

Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions

Alert  <-- Just a message saying there is a rogue

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Rogue AP: Question

Thanks Steve.

If you contain a rougue access point. That happens this access point?

Re: Rogue AP: Question

yes.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Rogue AP: Question

If you contain an AP, does this disable the AP for all clients in the shared airspace or all airspace?

Re: Rogue AP: Question

Only clients that are within range of your access point that is containing the rogue will be deauthenicated.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Gold

Re: Rogue AP: Question

I'd be very careful trying to contain Rogue APs/Clients because you and/or your company can be brought to court.

I have, in several occasions, successfully done so because I made sure the Rogue AP and/or clients were physically found INSIDE our company's premises.  When the offenders raised a trouble ticket (after buying three APs) we confronted them (with cricket bat!) they initially denied but I gave them the facts:  AP's manufacturer, the SSID, no encryption (duh!), the clients associated to the AP, they meekly admitted and pulled down their "cowboy" network lest I report them to the CIO.

Otherwise, if the signals are coming from OUTSIDE the premises, I have little choice but ignore them.

16727
Views
0
Helpful
8
Replies