Showing results for 
Search instead for 
Did you mean: 

How does CiscoWorks WAN Solution Engine (WLSE) rogue AP detection work?


Core issue

Rogue Access Point (AP) detection is based on the detection of an unknown radio interface broadcasting over the air. When radio monitoring detects a rogue AP, a new fault is generated.


The dadio monitoring feature uses the radio measurement capabilities on Cisco IOS  APs and Cisco Client Adapters to discover any new 802.11 APs that are transmitting beacons. Both clients and APs periodically scan for other 802.11 beacon frames on all channels. Reports of detected beacons are returned to the Radio Manager, which validates these beacons against a list of APs known to be authorized to provide wireless access. A newly discovered AP that cannot be identified as a known authorized AP generates an administrator alert. You can categorize this new AP as one of these AP types:

Access Point Category Types

Managed AP

An AP that is authorized to provide wireless access to the LAN and          requires management services provided by the WLSE.


Note: Only managed APs can participate in Radio Manager          operations.

Unmanaged APAn AP that is authorized to provide wireless access to the LAN but does        not require any management services from the WLSE.
Friendly APAn AP that is not connected to the LAN, but is known to be detectable        by the client's or the AP's 802.11 radios within the managed WLAN. A friendly AP        is an AP that you know exists. For example, a neighboring network's AP or        a neighboring company's AP.
Rogue APAn AP that may or may not be connected to the LAN is detected by the client's        or the AP's 802.11 radios within the managed WLAN, and has not been identified        as Friendly, Unmanaged, or Managed. By default, all unknown radios are classified        as Rogue until you change them to Friendly, Unmanaged, or Managed.

Use the fields in this table to change the classification of an AP    from Rogue to Friendly or to delete the rogue AP from the database.

Rogue Access Point Details Table

BSSIDBasic Service Set ( BSS) identifier.
StateThe state of the device.
VendorThe name of the vendor that manufactured this AP.
Change To Friendly AP

To add this AP to the list of recognized APs, click Change          To Friendly AP. Then refresh your browser window to view the          updated fault display.


Note: It may be a few seconds before the classification          is changed.


To delete this unknown AP, click Delete. Then refresh          your browser window to view the updated fault display.


Note: It may be a few seconds before the rogue AP is          deleted.