LWAPP upgrade image disables wired-side rogue alerts?

wififofum
Level 4

All,

Just saw this Open caveat in the Field Notes for the LWAPP Upgrade Image 12.3.7-JX. Nicely tucked away at the end of the doc. Has anyone seen this? I have upgraded 100s of 1231s across a wide footprint and have not seen a single wired-side rogue (Threat level alert) in the WCS (and I'm not blocking the RLDP ports), which is highly unlikely in my environment.

I hope this does not mean all APs upgraded using this stub recovery image will not be able to alert properly on wired-side rogues. This doesn't seem to make sense since the APs load a new code once joined to a controller, correct?

CSCsb47748: When the Rogue Location Discovery Protocol (RLDP) is enabled on a controller, associated access points converted to lightweight mode do not detect rogue access points as a threat.


beth-martin
Level 5

Do the rogue alert events come up if you disable RLDP? Have you tried this just to make sure you are hitting this bug? You can try disabling RLDP by creating a filter.

Beth,

I need RLDP to detect the wired-side rogues, don't I? Without this enabled, the Local Mode APs won't try to associate to wired-side Rogue APs and report them to the controller.

I'm getting plenty of Rogue AP Alerts (code Yellow), just not the Threats (Code Red) indicative of wired-side rogues.

I have observed the lack of this working correctly as well. Even in an all-Cisco infrastructure with Cisco-branded APs (that were older known equipment that the controller was identifying as "rogue APs").

Is this going to be addressed in the new release in May?

- John

One update after talking to Cisco:

The mechanism used to find rogue APs is by the controller attempting to ping itself through the wireless.

This ONLY works if the rogue AP has its settings security as OPEN.

Therefore, if the rogue is on network, but has any kind of security - even WEP - it will not show up as on network.

- John

Thanks John,

Yeah we're aware of that - but we're as certain that there's some out there that are open. In fact I had this working under WLC 3.0 versions with an open Apple Airport Express AP. This does not seem to work anymore with 4.x. The Caveat regarding the LWAPP Recovery image causing APs not to report Rogues as Alerts is puzzling. Doesn't this code get overwritten by the controller after it's upgraded, or is the LWAPP code just a wrapper that encapsulates everything sent from the IOS Upgrade image (kernel)? This is what it sounds like...
