We have some rogue APs that I can see on our 4400 controllers, but I can't figure out how to disable these buggers, and I can't see the MAC address on the PoE switches (sh cam dyn) that the user community connects through. Is there any special command or process to follow so they don't interfere with my network?
There are a few things you can do. First, if you have WCS with location services, you need to map the location of the rogue. To do this, click on the link to the rogue AP. When the page is open, look in the upper right-hand corner for a pull-down box that has several options. Select the option for mapping the rogue. This will give you its location. Next, in the same pull-down list, select to contain the AP by using a 1-4 AP containment. The number you select is based on the number of detecting APs. Containment makes the rogue unusable, as its MAC address is spoofed by the containing APs and a deauthentication flood is sent to all clients attempting to connect to it. Third, go collect the rogue.
It is important for you to make sure the rogue is a direct threat to your network before you take the containment step. The FCC has a good neighbor policy. If you were to contain the Starbucks next door to you I am sure you could see the problem.
A feature called RLDP, or rogue location, sends a ping from the wireless radio of one of your detecting APs to itself, aimed at the rogue. If it sees the ping come back on the Ethernet side, then verification that the rogue is physically on your network has been proven. Then it would be reasonably safe to contain.
RLDP from the Airespace point of view was an extension of rogue detection where the rogue device was identified as an actual threat existing on your local network and was automatically contained. After containment was completed an alarm was sent to the controller and subsequently WCS so that you could locate and confiscate the offending device. RLDP was disabled by Cisco early on for legal reasons.