Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Trusted AP policies - gone in version 5?

Does anyone know the reasoning for the disappearance of the Trusted AP policies that were there in version 4.x and are now apparently missing in version 5.x?

In 4.x the command set was "wps trusted-ap ..." and there was the curious "Validate SSID" setting in the GUI which had no command line equivalent. Perhaps the Validate SSID setting was a relic in the GUI that never really did anything, i.e. perhaps it was an orphaned GUI option?

In 4.x we also had the "wps rogue-ap ..." command set which was relocated to just being the "rogue ..." (no longer under wps) commands. However the trusted-ap commands never moved out of the wps command set - they just disappeared.

I can't find any explanations in the Cisco documentation, so has anyone else maybe figured it out or asked Cisco?

I'm particulary concerned about the Validate SSID option because I've promised it would be enabled in a design done prior to version 5's release. Now the customer (now on version 5) is asking if it's enabled or not, and I can't tell them if it is because it's vanished!

2 REPLIES
Hall of Fame Super Red

Re: Trusted AP policies - gone in version 5?

Hi Justin,

This has changed in the 5.x release;

Here is the old info (pre-5.x);

Note You cannot configure SSID validation from the controller CLI. However, you can use the show wps summary command to see whether SSID validation has been enabled.

http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42sol.html

Here is the new 5.x info;

Classifying Rogue Access Points

From the Add Condition drop-down box, choose one or more of the following conditions that the rogue access point must meet and click Add Condition:

• SSID-Requires that the rogue access point have a specific user-configured SSID. If you

choose this option, enter the SSID in the User Configured SSID field, and click Add SSID.

Note To delete an SSID, highlight the SSID and click Remove.

http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5sol.pdf

Hope this helps!

Rob

New Member

Re: Trusted AP policies - gone in version 5?

Thanks Rob.

So are you saying that the old 4.x Trusted AP policies can now all be approximated by the new 5.x rule-based rogue classification? To me the old Validate SSID option never made much sense in the context of Trusted APs because, from the ref you quoted, it seems to have been intended to identify APs that are using one of your SSIDs and raise an alarm about it, i.e. it was meant to alarm on malicious rogues - not trusted ones.

And then also what about all those other Trusted AP settings that disappeared? Can they also be reproduced as rogue-classification rules?

166
Views
0
Helpful
2
Replies