Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Malicious APs

hello everyone

in a Cisco WLc there is a option that you can configure. this option is called

Malicious APs.

what thus this option do. and how can i configure this correctly

Everyone's tags (2)
4 REPLIES
Cisco Employee

Malicious APs

Malicious AP is kind of classification for rogue devices.

Check the following link for more info:

http://www.cisco.com/en/US/partner/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2086759

----------------------------------------------------------------------------

Please Make sure to rate correct answers

Re: Malicious APs

Malicious APs is a kind of classification for rogue APs. The rogue AP may be set as malicious manually or per a rule that you define on the WLC

This would possibly be useful to you :

Rule Based Rogue Classification Terminologies

With this new functionality, these new rogue AP types are introduced:

  • Malicious AP: A detected AP that matches user-defined Malicious rules or has been manually moved from Friendly APs.
  • Friendly AP: Existing known, Acknowledge, and Trust Missing Rogue states are classified as Friendly. In addition, detected APs that match user-defined Friendly rules are classified as Friendly. Friendly APs cannot be contained.
  • Unclassified AP: A detected AP that did not match the Malicious or Friendly rules. An Unclassified AP can be contained. An Unclassified AP can be manually moved to Friendly by the user. User-defined rules to automatically move Unclassified AP to Friendly or Malicious, for example, on detection, the SSID is empty. On the next rogue report, a SSID is found, and it turns out to be a user-configured SSID.

Reference: http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080ad6b8d.shtml

Hope this helps.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Re: Malicious APs

Thanks that helpt allot

But is there a way that i can block these rogue ap's. And make sure that the can't send in to the network ??

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: Malicious APs

Johan,

You specify Malicious Rogue AP's as part of classifications as the others have mentioned. Rogues are any 802.11 APs that are not part of your network. You can't just block these... That is why you can create these rules to classify these rogue APs. Take a look at the link that was posted earlier.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
588
Views
0
Helpful
4
Replies
CreatePlease to create content