Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

"Rogue APs" w/our SSID and radio MAC addrs one or two off from trusted APs

We are using WCS/WLC version 4.x and are in an environment with approx. 175 access points in a multi-floor building.

We have recently seen rogue AP security events that show a "rogue" AP whose radio MAC address value is one or two more MAC addresses higher than those of our trusted APs.

Since this appears throughout the building (and appears to be detected from adjacent APs - same floor, above, or below), I am fairly certain that these "rogue" APs are false alarms.

The SSID is the same one we are using (and I understand that, theoretically, there could be the possibility that someone with a true rogue AP is out there

attempting a man-in-the middle attack). However, this seems unlikely since this "attack" appears at different areas intemittently at various locations in the building - often many simultaneously.

Has anyone else seen or experienced this?

3 REPLIES
Silver

Re: "Rogue APs" w/our SSID and radio MAC addrs one or two off fr

Update: Apparently, this is a known issue (Bug CSCse87066 ? "Access Points associated to controllers in the same mobility group no longer appear as rogue access points.")

And the fix is to upgrade to 4.0.179.11

New Member

Re: "Rogue APs" w/our SSID and radio MAC addrs one or two off fr

We had the exactly same symptoms as the first poster. Upgraded to ver .11 but no luck. Anyone with similar problems / solutions?

Silver

Re: "Rogue APs" w/our SSID and radio MAC addrs one or two off fr

According to the release notes, 4.0.206.x is supposed to fix this. Apparently, in high-density deployments (such as multi-floor, high quantities of LWAPs), if the access points hear too many adjacent on-network, trusted LWAPs, the table that keeps track of these adjacent LWAPs overflows and these then become "rogue".

Hopefully, the latest/greatest firmware will resolve this. Our customer is in the process of performing the upgrade and we shuold see the results soon.

165
Views
0
Helpful
3
Replies