Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP Impersonation Alarm

I recently recevied an AP impersonation alarm. The culprit seems to be a Netgear AP outside of the walls of our office space. I am in our corporate office several states away and we have no IT staff that is local to the location that this is occuring.

What are you all doing when you receive such an alarm? Is it something that I should be seriously concerned with?

Cisco Employee

Re: AP Impersonation Alarm

The AP Impersonation feature improves the detection of rogue APs that

attempt to impersonate valid Cisco APs. This feature creates a radio

frequency (RF) network group, and the Cisco APs in the same group distribute

radio resource management (RRM) neighbor packets to each other. If a Cisco

AP hears packets from another Cisco AP from which it has not received any

RRM neighbor packets, then the Cisco AP can assume that the new AP is

impersonating a Cisco AP and therefore reports it as a rogue AP.

When the WCS finds an AP that attempts to impersonate another AP on the

WLAN, you see this alert on the WCS server, WCS talks to the controllers to

get the information through SNMP.


This is only cosmetic and does not affect the network.

As of 5.0 you could also look at the containment feature which should help lock them down:

New Member

Re: AP Impersonation Alarm

Depends if that AP has the same SSID as your network.

Windows wireless clients connect to the last SSID they were on before being shutdown/hibernated. Most Wireless clients do as well, so someone could call any AP the same SSID as your network and try to get your users to connect to their AP to pull whatever information they are after. I would treat this one a little more seriously, even if they don't get any information off your clients.