Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1494
Views
0
Helpful
3
Replies

Rogue AP detection

yong1794
Level 1
Level 1

‎04-13-2006 11:38 PM - edited ‎07-04-2021 11:56 AM

The WLSE have detected rouge APs. Theses APs are high RSSI and have variable channel set. How can i handle it? As i know. WLSE is not able to protect my APs from rogue APs attack, only detect it. Should i use wire LAN? any other solution clear this rogue AP's channel interference? Any advice please. Thanks.

Labels:
0 Helpful
3 Replies 3

scottmac
Level 10
Level 10

‎04-14-2006 06:08 AM

You've got to be careful here .... the WLSE can "shut down" rogue APs by either sending a disconnect to the client, or dropping the offending switch port.

The problem is that the "rogue" APs could be other businesses nearby; if you shut down all the "rogue" APs you may be killing another business' wireless system.

You can tell the WLSE that a specific "rogue" is known and acceptable, and it will ignore it for the purposes of reporting.

If you APs or antennas are at some altitude (mine are on the fifth & sixth floor), you can pick up other wireless systems from a mile away ... if I tell my system to shut down all rogues, I can be killing systems for quite a distance.

IMHO, It would be a good idea to bring up a wireless "Sniffer" and identify the traffic; if it's truely rogue/malicious traffic, then shut it down .... but if it's a neighbor, just tell the system to ignore it.

The "Sniffer" can also give you a good idea of which channels are least congested and have the least interference so you can make adjustments to your system.

At the least, bring up something like Netstumbler (it's free, runs on Windows) or Kismet (it's also free, runs on *nix).

You can also run some radio scans from the WLSE. I prefer using an external system.

Good Luck

Scott

0 Helpful

khayhuynh
Level 1
Level 1
In response to scottmac

‎04-25-2006 05:54 AM

Hi

"but if it's a neighbor, just tell the system to ignore it. "

I also use WLSE and have to manage AP.

AP on the fitfh floor and upper in my bulding detect A LOT of rogue AP and, as a result, there are a lot of fault called "rogue AP".

How could I tell WLSE to ignore it?

I try to acknowledge the faults but they appear again after a couple of days

I try to delete the faults but they appear again too.

Maybe to make these "rogue AP" friendly?

Thx U by advance!

0 Helpful

emcpherson
Level 1
Level 1
In response to khayhuynh

‎04-25-2006 10:24 AM

I am setting up the WLSE for rogue detection. I was wondering if I have to put in a WAP in sensor mode and also put in a Wireless IDS?

Thanks

:-) mcphere

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card