Cisco Support Community
New Member

Rogue AP on LAN, PI/MSE/WLC

Hello, 

I want to configure Rogue AP detection; PI must automatically shut down the switch ports to which a rogue AP is connected. Attached is a document with my current configuration. For test purposes I am using a home router (TP-Link). It is connected to the same switch as the Rogue Detector AP:

interface FastEthernet0/33 (Rogue AP on customer port)
 description FREE
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 11
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky c04a.00e9.29cd
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AutoQoS-Police-CiscoPhone

interface FastEthernet0/17 (Rogue Detector)
 description AP-G2-55 Monitor
 switchport trunk native vlan 30
 switchport trunk allowed vlan 2,5,7-9,11,13-15,25,26,29,30
 switchport mode trunk
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable

MAC address of the router Ethernet port:

c04a.00e9.29cd

The WLC sees the rogue AP with MAC:

c0:4a:00:e9:29:cc

(From http://www.cisco.com/c/en/us/td/docs/wireless/technology/roguedetection_deploy/Rogue_Detection.html:

Rogue Detector AP

A rogue detector AP aims to correlate rogue information heard over the air with ARP information obtained from the wired network. A positive match is based on the wired and wireless MAC address with difference of +1/-1. If a MAC address is heard over the air as a rogue AP or client and is also heard on the wired network, then the rogue is determined to be on the wired network. If the rogue is detected to be on the wired network, then the alarm severity for that rogue AP is raised to "Critical". It should be noted that a rogue detector AP is not successful at identifying rogue clients behind a device using NAT.)

But the WLC thinks there is no rogue AP on the wired network (screenshot).

Does anybody have any idea?
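The correlation rule quoted from the Cisco document, applied to the two MAC addresses in the post, as an added example (not the poster's or Cisco's code; the `tolerance` parameter and the extra ARP entry are constructed for illustration):

```python
import re


def mac_to_int(mac: str) -> int:
    """Normalize any common MAC notation (c04a.00e9.29cd, c0:4a:00:e9:29:cc,
    C0-4A-00-E9-29-CC) to a 48-bit integer so different formats can be compared."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(hexdigits, 16)


def wired_match(wireless_mac: str, wired_mac: str, tolerance: int = 1) -> bool:
    """The rule from the quoted document: a rogue heard over the air is 'on the
    wire' if a MAC seen in wired ARP traffic is identical or differs by +1/-1.
    (A configurable tolerance is an assumption generalising that rule.)"""
    return abs(mac_to_int(wireless_mac) - mac_to_int(wired_mac)) <= tolerance


def correlate(rogue_bssids, arp_table):
    """Return {bssid: matching wired MAC} for every rogue that correlates
    with an entry of the wired ARP table."""
    hits = {}
    for bssid in rogue_bssids:
        for wired in arp_table:
            if wired_match(bssid, wired):
                hits[bssid] = wired
                break
    return hits


# Values from the post: the TP-Link LAN port MAC (the port-security sticky
# entry on Fa0/33) and the BSSID the WLC reported for the rogue.
WIRED_MAC = "c04a.00e9.29cd"
ROGUE_BSSID = "c0:4a:00:e9:29:cc"

# Constructed ARP table: one unrelated host plus the post's wired MAC.
ARP_TABLE = ["0011.2233.4455", WIRED_MAC]

if __name__ == "__main__":
    print(correlate([ROGUE_BSSID], ARP_TABLE))
```

The post's pair differs by exactly 1, so it satisfies the rule; the check itself is not where the detection fails, which points at the detector AP never seeing the wired ARP entry for VLAN 15.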

1 REPLY
New Member

https://tools.cisco.com/bugsearch/bug/CSCue09354 - maybe this is the root of the problem: when I use the native VLAN on the access port, the WLC can find the rogue AP on the wired network... but I use version 7.4.121
