Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Rogue AP detection

The WLSE have detected rouge APs. Theses APs are high RSSI and have variable channel set. How can i handle it? As i know. WLSE is not able to protect my APs from rogue APs attack, only detect it. Should i use wire LAN? any other solution clear this rogue AP's channel interference? Any advice please. Thanks.

3 REPLIES
Green

Re: Rogue AP detection

You've got to be careful here .... the WLSE can "shut down" rogue APs by either sending a disconnect to the client, or dropping the offending switch port.

The problem is that the "rogue" APs could be other businesses nearby; if you shut down all the "rogue" APs you may be killing another business' wireless system.

You can tell the WLSE that a specific "rogue" is known and acceptable, and it will ignore it for the purposes of reporting.

If you APs or antennas are at some altitude (mine are on the fifth & sixth floor), you can pick up other wireless systems from a mile away ... if I tell my system to shut down all rogues, I can be killing systems for quite a distance.

IMHO, It would be a good idea to bring up a wireless "Sniffer" and identify the traffic; if it's truely rogue/malicious traffic, then shut it down .... but if it's a neighbor, just tell the system to ignore it.

The "Sniffer" can also give you a good idea of which channels are least congested and have the least interference so you can make adjustments to your system.

At the least, bring up something like Netstumbler (it's free, runs on Windows) or Kismet (it's also free, runs on *nix).

You can also run some radio scans from the WLSE. I prefer using an external system.

Good Luck

Scott

New Member

Re: Rogue AP detection

Hi

"but if it's a neighbor, just tell the system to ignore it. "

I also use WLSE and have to manage AP.

AP on the fitfh floor and upper in my bulding detect A LOT of rogue AP and, as a result, there are a lot of fault called "rogue AP".

How could I tell WLSE to ignore it?

I try to acknowledge the faults but they appear again after a couple of days

I try to delete the faults but they appear again too.

Maybe to make these "rogue AP" friendly?

Thx U by advance!

New Member

Re: Rogue AP detection

I am setting up the WLSE for rogue detection. I was wondering if I have to put in a WAP in sensor mode and also put in a Wireless IDS?

Thanks

:-) mcphere

909
Views
0
Helpful
3
Replies
CreatePlease login to create content