Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Rogue Detection and SPT issues

Deployed wireless a few months. From a client to infrastrure standpoint, majority of users are happy with the ability to go wireless with their personal and work devices.

The problem we're facing is proper identification of rogue's AP's on our wired network (hot spots aren't important)

I've setup a few linksys AP's connected to our access switches and found WLC/PRIME finds the rogue AP's but when a SPT is performed, both WLC/PRIME state it's not on the wired network (which is not true). If I do a manual trace, in Prime,  it will work but I can't do a manual trace everytime I get an alert (we're in a major US city). Further investigation shows the lan and wlan mac address of this linksys router is +/- from one another (confirmed by with arp table on access switch and going into prime and looking at the alert).. Which in this case, Prime should see it as WIRED and mark it as a ROGUE and alert me

Found a document stating only the following switches are supported: 3750, 3560, 3750E, 3560E, and 2960.

I can't see how these are the only supported devices, most are older than the 4510. I posted this in another thread and a rep provided me the link

Read this and even went further and read ROGUE MANAGMENT WHITE PAPER

This does not mention a limitation of switches support. States if CDP and SNMP is enable, along with the local access switches added to PRIME it should work

Here is the currently list of deployed devices, code and basic configuration

Access Switches - 4510 - image: cat4500e-universalk9.SPA.03.02.02.SG.150-2.SG2.bin

WLC - 5500 - image

AIR-CAP3602I-A-K9 - 152 deployed, 151 are configured for Local Mode, 1 is configured as Rogue Detector (trunked with all access vlan's passing thru)

RLDP is enabled on all Local Mode AP's - which after reading is not best practice because of time slicing and the fact is degrades client quality and can kick users off

Basically looking for feedback from others who have deployed wireless and have succesfully configured their environement for ROGUE AP DETECTION with SPT.. What are your thoughts and what do you run?

Thanks in advance

Cisco Employee

Rogue Detection and SPT issues


Complaints about the performance of Switchport Tracing are pretty common.  The best way to build this out is to start with your planted rogue AP is connected to the same switch that your Prime Infrastructure server connects to--or the first wired switch that ESX/ESXi host connects to--and validate that it works there, make whatever changes you need to get it working, then move the planted rogue AP to the next switch and so on.  The logging modules Configuration, General, Monitor, GUI, System and Tools should cover everything you need to know why Switchport Tracing isn't giving the results you expect.  This "start small and work your way up" helps you learn lessons about what needs to be configured on all your switches to have it working the way you want it to.

Configuring Switchport Tracing

New Member

Rogue Detection and SPT issues


Thank you for the reply. As I mentioned in my post, I have read the article.

I am very curious on how the article mentions only the  3750, 3560, 3750E, 3560E, and 2960 are supported.  Hoping users who have deployed wireless product in their environment  can assist.. Seems like the product is not a plug and play and hoping to read some feedback from users who actually have deployed the cisco wireless in their environement (with SPT working)

I should mention last year we had airmagnet in our environment and it was recommended , this product would not be need anymore because Cisco has similar features. Hoping between the active ticket I have with Cisco plus some real life deployment from other users will speed up the issue we've been experiencing.

CreatePlease to create content