https://community.cisco.com/t5/wireless/ap-containment/m-p/1146770#M16090 <HTML><HEAD></HEAD><BODY><P>Yes this does help, but I am more concerned with our wireless clients trying to connect to</P><P>a rogue AP advertising our SSID, the rogue may or may not be wired in to our LAN. My thoughts are that to rely on manual AP containment is slightly risky as it requires a member of the support staff to look at the WCS logging.</P><P></P><P>My hopes are that the new Cisco mobility services IDS/IPS offering will automate this.</P><P></P><P>Thanks for you answers</P><P></P><P>Mark</P></BODY></HTML> Wed, 28 Jan 2009 20:05:41 GMT mark.cronin 2009-01-28T20:05:41Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146768#M16088 <P>Need Clarification</P><P></P><P>Can the AP containment feature on </P><P>CUWN 4.2 be automated to contain rogue APs that are advertising your SSID or is this a manual procedure.</P><P></P><P>Can the new Cisco mobilty service engine IDS/IPS system do this automatically?</P><P></P><P>Can Air defense / Air tight / Air Magnet do this?</P><P></P><P>Mark</P><P></P> Sun, 04 Jul 2021 00:02:17 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146768#M16088 mark.cronin 2021-07-04T00:02:17Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146769#M16089 <HTML><HEAD></HEAD><BODY><P>Containment of Rogue AP can only be done manually. Auto Containment of "Rogue on Wire" and/or "AdHoc Rogue AP", on the other hand, is turned off by default. To enable this feature, go to Security -&gt; Wireless Protection Policies -&gt; Rogue Policies -&gt; General.</P><P></P><P>Does this help?</P></BODY></HTML> Tue, 27 Jan 2009 01:36:51 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146769#M16089 Leo Laohoo 2009-01-27T01:36:51Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146770#M16090 <HTML><HEAD></HEAD><BODY><P>Yes this does help, but I am more concerned with our wireless clients trying to connect to</P><P>a rogue AP advertising our SSID, the rogue may or may not be wired in to our LAN. My thoughts are that to rely on manual AP containment is slightly risky as it requires a member of the support staff to look at the WCS logging.</P><P></P><P>My hopes are that the new Cisco mobility services IDS/IPS offering will automate this.</P><P></P><P>Thanks for you answers</P><P></P><P>Mark</P></BODY></HTML> Wed, 28 Jan 2009 20:05:41 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146770#M16090 mark.cronin 2009-01-28T20:05:41Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146771#M16091 <HTML><HEAD></HEAD><BODY><P>If you are concerned about clients connecting to a Rogue AP with the same SSID (aka "Honeypot"), the WLC/WCS will flag this alarm. </P><P></P><P>One of the logic why this is not incorporated into the automation is the risk associated that "somebody" in the organization may have innocently setup their very-own AP for company use without telling everyone. There's also a risk of your organization if the WLC/WCS will attack legitimate AP it considers as "Rogue". </P><P></P><P>True, IPS/IDS will do the trick, but I've been doing this for the past 2 years and I'd rather be the one to throw the switch for the WLC/WCS to contain a possible Rogue AP than let the machine do it for you. </P><P></P><P>For instance, I saw a a firmware bug where an AP was flagged by the WLC and the WCS as a suspected Honeypot. Upon closer inspection, the so-called Honeypot is an AP register to the same WLC and therefore legitimate. </P><P></P><P>In my humble opinion ... </P></BODY></HTML> Thu, 29 Jan 2009 21:14:42 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146771#M16091 Leo Laohoo 2009-01-29T21:14:42Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146772#M16092 <HTML><HEAD></HEAD><BODY><P>looks like I need to convince the support staff to look at the logs</P></BODY></HTML> Thu, 29 Jan 2009 21:20:15 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146772#M16092 mark.cronin 2009-01-29T21:20:15Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146773#M16093 <HTML><HEAD></HEAD><BODY><P>If this resolves your post, can you tick "resolved"? Thanks. </P></BODY></HTML> Wed, 04 Feb 2009 00:50:46 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146773#M16093 Leo Laohoo 2009-02-04T00:50:46Z https://community.cisco.com/t5/wireless/ap-containment/m-p/1146774#M16094 <HTML><HEAD></HEAD><BODY><P>here is some further info on rogue containment</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml</A></P></BODY></HTML> Sat, 21 Feb 2009 18:24:10 GMT https://community.cisco.com/t5/wireless/ap-containment/m-p/1146774#M16094 George Stefanick 2009-02-21T18:24:10Z