Cisco Support Community

New Member

Wired Rogue detection

At present there are 2 options for wired-to-LAN wireless rogue detection:

1) Enable Rogue Location Discovery Protocol, which can detect wired-to-LAN access points that have open authentication.

2) Deploy dedicated rogue detector access points, which compare the wired ARP tables with the wireless ARP tables on the WLCs.

You can see the problem with option 1 - the rogue AP can only be detected if open authentication is used.

You can also see the problem with option 2 in the cost of deploying dedicated APs.

Do you think that in future releases of WCS the rogue detector AP can be replaced by simply getting the ARP table from the wired infrastructure via SNMP?

Does anybody know if this is a roadmap item for the WCS?

6 REPLIES
Hall of Fame Super Gold

Re: Wired Rogue detection

I have never deployed APs in Rogue Detection mode, but I do get alarms for Rogues.

I am curious to know why you want to deploy a dedicated AP as a Rogue AP Detector when, by default, an AP can detect and "prosecute" Rogues.

Re: Wired Rogue detection

My experience has been that the only way to detect a Rogue on the WIRED side is with an AP in Rogue Detection Mode. I found this out by accident in my lab... I had an autonomous 1200 side by side for months and it saw it as a rogue on the wireless. When I turned my LWAPP AP into a rogue detector, it quickly identified it on the wired.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
New Member

Re: Wired Rogue detection

OK - so if you have 40 access switches, you will need 40 rogue detector APs.

This is a substantial cost.

I am hoping that in future releases of Cisco WCS they will be able to interrogate the access switches for ARP traffic via SNMP rather than deploy the Rogue APs.

Do you think this will be possible?
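The two posts above describe the same correlation in words: a rogue detector AP (or, as proposed here, WCS polling the switches over SNMP) compares MACs learned on the wired side with MACs seen over the air. The following is an added example written for this thread, not code from Cisco or from any poster, showing what that correlation looks like when the wired side comes from an SNMP walk of the ARP table (IP-MIB ipNetToMediaPhysAddress) and the bridge forwarding table (BRIDGE-MIB dot1dTpFdbPort) of one access switch. The switch name, the walk output, the rogue BSSIDs and clients are all constructed sample data; the "Ethernet MAC is numerically adjacent to the BSSID" rule is an assumed heuristic, and the client-on-the-wire check is the stronger evidence.

```python
"""Wired-side rogue correlation, as a rogue detector AP does it (added example).

The wired input is constructed text in net-snmp 'snmpwalk' style for two tables
the thread proposes polling over SNMP: IP-MIB ipNetToMediaPhysAddress (ARP,
indexed by ifIndex.IP) and BRIDGE-MIB dot1dTpFdbPort (CAM table, indexed by the
six decimal MAC octets). Nothing is fetched from a real switch.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample walk output from a hypothetical access switch "acc-sw-01".
SNMP_WALK_ACC_SW_01 = """\
IP-MIB::ipNetToMediaPhysAddress.3.10.1.1.5 = STRING: 0:1a:2b:3c:4d:61
IP-MIB::ipNetToMediaPhysAddress.3.10.1.1.9 = STRING: 3c:52:82:aa:bb:cc
BRIDGE-MIB::dot1dTpFdbPort.0.26.43.60.77.97 = INTEGER: 12
BRIDGE-MIB::dot1dTpFdbPort.60.82.130.170.187.204 = INTEGER: 7
BRIDGE-MIB::dot1dTpFdbPort.164.94.96.17.34.51 = INTEGER: 12
"""

# Rogue BSSIDs and the clients associated to them, as a WLC reports them from
# over-the-air monitoring (constructed). The rogue's auth type is irrelevant here.
ROGUE_APS = {
    "00:1a:2b:3c:4d:60": {"ssid": "free-wifi", "auth": "WPA2-PSK"},
    "d8:47:32:00:11:22": {"ssid": "guest-open", "auth": "Open"},
}
ROGUE_CLIENTS = {
    "00:1a:2b:3c:4d:60": ["a4:5e:60:11:22:33"],
    "d8:47:32:00:11:22": ["10:20:30:40:50:60"],
}

ARP_RE = re.compile(r"ipNetToMediaPhysAddress\.(\d+)\.(\d+\.\d+\.\d+\.\d+) = STRING: ([0-9a-fA-F:]+)")
FDB_RE = re.compile(r"dot1dTpFdbPort\.(\d+(?:\.\d+){5}) = INTEGER: (\d+)")


def norm_mac(mac: str) -> str:
    """Normalise '0:1a:2b:3c:4d:61' or '00-1A-..' to lowercase, zero-padded, colon form."""
    parts = re.split(r"[:\-]", mac.strip())
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)


def mac_from_oid_octets(octets: str) -> str:
    """dot1dTpFdb index '0.26.43.60.77.97' -> '00:1a:2b:3c:4d:61'."""
    return ":".join(f"{int(o):02x}" for o in octets.split("."))


@dataclass(frozen=True)
class WiredEntry:
    switch: str
    mac: str
    port: Optional[int]  # bridge port from the FDB; None if only seen in ARP
    ip: Optional[str]    # IP from ARP; None if only seen in the FDB


def parse_walk(switch: str, text: str) -> Dict[str, WiredEntry]:
    """Merge ARP and FDB rows of one switch into a MAC-keyed wired table."""
    ips: Dict[str, str] = {}
    ports: Dict[str, int] = {}
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            ips[norm_mac(m.group(3))] = m.group(2)
            continue
        m = FDB_RE.search(line)
        if m:
            ports[mac_from_oid_octets(m.group(1))] = int(m.group(2))
    return {mac: WiredEntry(switch, mac, ports.get(mac), ips.get(mac))
            for mac in set(ips) | set(ports)}


def mac_to_int(mac: str) -> int:
    return int(norm_mac(mac).replace(":", ""), 16)


def correlate(rogue_aps, rogue_clients, wired: Dict[str, WiredEntry], window: int = 16) -> Dict[str, List[str]]:
    """Return {bssid: [reasons]} for rogues that appear to be on our wire.

    Check 1 (heuristic, assumed): a wired MAC within `window` of the BSSID, since a
    rogue AP's Ethernet MAC is usually numerically adjacent to its radio MAC.
    Check 2 (strong): a client that associated to the rogue shows up in the wired
    table, i.e. the rogue is bridging wireless clients onto the LAN.
    """
    findings: Dict[str, List[str]] = {}
    by_int = {mac_to_int(e.mac): e for e in wired.values()}
    for bssid in rogue_aps:
        reasons = []
        b = mac_to_int(bssid)
        for cand, entry in by_int.items():
            if abs(cand - b) <= window:
                reasons.append(f"wired MAC {entry.mac} within {window} of BSSID "
                               f"on {entry.switch} port {entry.port}")
        for client in rogue_clients.get(bssid, []):
            entry = wired.get(norm_mac(client))
            if entry is not None:
                reasons.append(f"associated client {entry.mac} seen on {entry.switch} "
                               f"port {entry.port}")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    table = parse_walk("acc-sw-01", SNMP_WALK_ACC_SW_01)
    for bssid, why in correlate(ROGUE_APS, ROGUE_CLIENTS, table).items():
        print(f"ROGUE ON WIRE {bssid} ({ROGUE_APS[bssid]['ssid']}, {ROGUE_APS[bssid]['auth']}):")
        for r in why:
            print("  -", r)
```

Run as-is, the WPA2 rogue is flagged twice (adjacent wired MAC on port 12, and its client on the same port) while the open "guest-open" rogue is not, because nothing from it appears on this switch; that is exactly the case RLDP cannot cover and a per-switch ARP/FDB comparison can. Because the FDB and ARP tables are local to each access switch, the poll has to be repeated per switch, which mirrors the one-detector-per-switch constraint discussed in the thread.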

New Member

Re: Wired Rogue detection

With Rogue Location Discovery Protocol (RLDP) enabled you will only be able to detect if a Rogue AP is connected to your network if the authentication is OPEN.

If the Rogue AP has any authentication enabled then you will not be able to detect if the AP is connected to your network.

I think this is a big limitation of RLDP.

Re: Wired Rogue detection

So fill me in... the ARP would only be local to the access switch, that's why you would have one per switch? Can you fill in that gap for me?
New Member

Re: Wired Rogue detection

In older campus wired LAN designs with a Layer 3 collapsed core/distribution and a Layer 2 access layer, the dedicated rogue detector was viable: you could configure the port on the collapsed core/distribution switch that it was connected to as a trunk, and the rogue detector could monitor all of the VLANs for ARP information. With newer campus wired LAN designs with Layer 3 at the access layer, there is a requirement to install a rogue detector on all access switches.
