Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

LWAPP upgrade image disables wired-side rogue alerts?

All,

Just saw this in Open caveat the Field Notes for the LWAPP Upgrade Image 12.3.7-JX. Nicely tucked away at the end of the doc. Has anyone seen this? I have upgraded 100s of 1231s across a wide footprint and have not seen a single wired-side rogue (Threat level alert) in the WCS (and I'm not blocking the RLDP ports), which is highly unlikely in my environment.

I hope this does not mean all APs upgraded using this stub recovery image will not be able to alert properly on wired-side rogues. Thsi doesn't seem to make sense since the APs load a new code once joined to a controller, correct?

CSCsb47748?When the Rogue Location Discovery Protocol (RLDP) is enabled on a controller, associated access points converted to lightweight mode do not detect rogue access points as a threat.

5 REPLIES
Bronze

Re: LWAPP upgrade image disables wired-side rogue alerts?

Does the rogue alert events come up if you disable RLDP? Have you tried this just to make sure if you are hitting this bug. You can try disabling RLDP by creating a filter.

Bronze

Re: LWAPP upgrade image disables wired-side rogue alerts?

Beth,

I need RLDP to detect the wired-side rougues don't I? Without this enabled, the Local Mode APs won't try to associate to wired-side Rogue APs and report them to the controller.

I'm getting plenty of Rogue AP Alerts (code Yellow), just not the Threats (Code Red) indicative of wired-side rogues.

Silver

Re: LWAPP upgrade image disables wired-side rogue alerts?

I have observed the lack of this working correctly as well. Even in an all-Cisco infrastructure with Cisco-branded APs (that were older known equipment that the controller was identifying as "rogue APs".

Is this going to be addressed in the new release in May?

- John

Silver

Re: LWAPP upgrade image disables wired-side rogue alerts?

One update after talking to Cisco:

The mechanism used to find rogue APs is by the controller attempting to ping itself through the wireless.

This ONLY works if the rogue AP has its settings security as OPEN.

Therefore, if the rogue is on network, but has any kind of security - even WEP - it will not show up as on network.

- John

Bronze

Re: LWAPP upgrade image disables wired-side rogue alerts?

Thanks John,

Yeah we're aware of that - but we're as certain that there's some out there that are open. In fact I had this working under WLC 3.0 versions with an open Apple Airport Express AP. This does not seem to work anymore with 4.x. The Caveat regarding the LWAPP Recovery image causing APs not to report Rogues as Alerts is puzzling. Doesn't this code get overwritten by the controller after its upgraded, or is the LWAPP code just a wrapper that encapsulates everything sent from the IOS Upgrade image (kernel)? This is what it sounds like...

150
Views
0
Helpful
5
Replies
CreatePlease login to create content