https://community.cisco.com/t5/wireless/rogue-ap/m-p/5257349#M280671 <P>In the WLC we can contain the Rouge AP, but how we can make sure our AP is not contained by neighbor WLC if the my AP located not to far with neighbor AP?</P> Thu, 06 Feb 2025 00:47:25 GMT hs08 2025-02-06T00:47:25Z https://community.cisco.com/t5/wireless/rogue-ap/m-p/5257349#M280671 <P>In the WLC we can contain the Rouge AP, but how we can make sure our AP is not contained by neighbor WLC if the my AP located not to far with neighbor AP?</P> Thu, 06 Feb 2025 00:47:25 GMT https://community.cisco.com/t5/wireless/rogue-ap/m-p/5257349#M280671 hs08 2025-02-06T00:47:25Z https://community.cisco.com/t5/wireless/rogue-ap/m-p/5257356#M280672 <P>To start off containment is technically illegal in most countries, unless the rogue is connected to your network or broadcasting your SSID to be malicious.</P> <P>You would see aWIPS events of Deauthentication Flood, but you need Catalyst Center for aWIPS. That being said you would see clients being dropped from your network as containment will send clients connecting to it deauthentication frames.</P> <P>Easiest way to protect is to run MFP as mandatory</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-5/config-guide/b_wl_17_5_cg/m_awips.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-5/config-guide/b_wl_17_5_cg/m_awips.html</A>&nbsp;</P> Thu, 06 Feb 2025 01:25:48 GMT https://community.cisco.com/t5/wireless/rogue-ap/m-p/5257356#M280672 Haydn Andrews 2025-02-06T01:25:48Z https://community.cisco.com/t5/wireless/rogue-ap/m-p/5272551#M281705 <P>&gt;&nbsp;<SPAN>how we can make sure our AP is not contained by neighbor WLC</SPAN><BR />You cannot control how the other WLC is configured, but if they break the law (illegal containment) you can report them to the regulator for regulatory enforcement (but a friendly chat with your neighbours might be the better option).&nbsp; But like&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/332987">@Haydn Andrews</a>&nbsp;says using MFP ensures that spoof de-auth frames (which is how containment is done) cannot be used.<BR /><A href="https://en.wikipedia.org/wiki/IEEE_802.11w-2009" target="_blank" rel="noopener">https://en.wikipedia.org/wiki/IEEE_802.11w-2009</A><BR /><A href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bqRZSAY&amp;lang=en_US" target="_blank" rel="noopener">https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bqRZSAY&amp;lang=en_US</A></P> Tue, 18 Mar 2025 14:50:37 GMT https://community.cisco.com/t5/wireless/rogue-ap/m-p/5272551#M281705 Rich R 2025-03-18T14:50:37Z