Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Doing the impossible? Finding rogues from the wired side

Wondering if anyone has found a valid tool (beyond the sourceforge APTools kind of stuff) to assist in finding APs by culling through the ARP tables on routers etc... brutal stuff here I know. Also- anything in a wireless frame/packets common to all APs (all vendors as part of 802.11) that can be filtered on at the router to possibly block traffic from rogue APs? I think not, but I'm scratchin at anything here...

Lee Badman

CWNA Network Engineer

2 REPLIES
Cisco Employee

Re: Doing the impossible? Finding rogues from the wired side

Hi ,

In AP350 has fnew feature which may help you .

The process takes place as follows:

1. A client with a LEAP profile attempts to associate to a access point A.

2. Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.

3. The client records the MAC address for access point A and the reason why the association failed.

4. The client associates successfully to access point B.

5. The client sends the MAC address of access point A and the reason code for the failure to access pont B.

6. Access point B logs the failure in the system log.

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350rn/rn1200.htm

Community Member

Re: Doing the impossible? Finding rogues from the wired side

If multiple MAC's are connecting via the AP, would those MAC's not show up under the ports (the one the AP is connected to) list?

If so is there a way to automate the retrieval of ports with multiple MAC's?

160
Views
0
Helpful
2
Replies
CreatePlease to create content