I have WLC 2112, and I want to be able to identify clients who are connected to our external wireless network while simultaneously connected to the wired internal LAN. APs that are wired and also emitting RF are recognizable by the WLC, but apparently not client who are wired and connected to an unclassified or rogue AP. Is there a way to find these clients with wired and wireless connections?
I set logging to informational but don't see any messages related to clients MAC addresses flapping. If I go to Monitor, Rogues, Rogue Clients, it shows a client connected to an unclassified AP as Rogue. That AP is one of ours outside our LAN. If I connect my laptop to the outside AP, it shows me as a rogue client even if I am not simultaneously wired to the LAN.
Unfortunately there's no easy way to achieve this in most situations.
The Wired & Wireless Interfaces will have different MAC Addresses, so there's nothing clever you can do at L2.
If you run 802.1x on the LAN & WLAN you could probably limit the number of concurrent session for a given username to 1, which would mean that which ever NIC came up first would be the one that stays active for the client. This is a bit messy and I've never tried it, but it should work.
The only sure-fire way I know of resolving this problem is by deploying CiscoSecure Services Client ('CSSC') which has the ability to force the Client to only use one NIC at a time, and you can prioritise the NIC's so if they are both plugged in / turned on, you can say which should have priority.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...