Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure an AP in scanning-only mode

 

 

Introduction

How to configure an AP in scanning-only mode

 

Resolution

The scanning-only AP mode puts a radio interface in a dedicated mode that monitors the surrounding air space but does not carry any regular WLAN user traffic. Because the scanning-only AP dedicates itself in the radio monitoring mode, it can detect rogue devices and unassociated clients more reliably and faster than a regular AP or client.

 

The following sections will help you understand how and where to use the Radio Manager Scanning-Only AP Mode feature:

 

  • Understanding Scanning-Only AP Mode
  • Guidelines for Using Scanning-Only APs
  • Assigning Scanning-Only AP Network Settings
  • Enabling Scanning-Only Mode
  • Viewing Reporting APs
  • Viewing the Unregistered Clients Report

 

Understanding Scanning-Only AP Mode

The scanning-only AP mode puts a radio interface in a dedicated mode that monitors the surrounding air space without carrying any regular WLAN user traffic. Scanning APs:

  • Function in a "listen-only" mode that does not allow client associations.
  • Monitor the radio environment by looking for rogue APs and unassociated clients.
  • Detect buglighted clients (clients associated with unauthorized APs).

 

Note

For information about the APs and firmware versions for which Scanning-Only AP mode is supported, see the Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine, Release 2.9.

 

How It Works

Scanning-Only AP mode can be used for rogue AP detection; the fault that is generated is the same as when a regular AP or client detects a rogue AP. Scanning-only APs improve rogue AP detection by performing on-channel scanning (listening to the beacon without sending any messages) for a set period of time. It stays on each channel several seconds before moving on to the next channel on the list.

 

Scanning-only AP mode can be enabled on a per-radio interface. If an AP contains two or more radio interfaces, each interface can be configured into scanning-only AP mode or any other mode independent of other radio interfaces.

 

Note

An 11a-capable client that is associated to an 11g network cannot detect 11a rogues. No matter what the client is capable of supporting, it only searches for rogues that match the band of the AP. Therefore, when a client is associated to a 2.4Ghz AP (b or g), it only detects 2.4Ghz rogues (b or g). When it is associated to a 5Ghz (11a) AP, it only detects 5Ghz (11a) rogues. An AP in scanning-only mode that has a dual radio (both a and g) can detect all types of (a, b, and g) rogues.

 

A fault is generated when WLSE detects any unregistered clients. The fault report shows all detected unregistered clients that have not been acknowledged and cleared by the administrator.

 

Note

This release only detects clients using a null SSID to probe the network.

 

Problem Type

Configure / Configuration issues

 

Products

Access point

 

Product OS

IOS

 

Reference

Using Scanning-Only APs

Managing the WLAN Radio Environment

Typical Scenarios and FAQs

793
Views
0
Helpful
0
Comments