Rogue Access Point (AP) detection is based on the detection of an unknown radio interface broadcasting over the air. When radio monitoring detects a rogue AP, a new fault is generated.
The dadio monitoring feature uses the radio measurement capabilities on Cisco IOS APs and Cisco Client Adapters to discover any new 802.11 APs that are transmitting beacons. Both clients and APs periodically scan for other 802.11 beacon frames on all channels. Reports of detected beacons are returned to the Radio Manager, which validates these beacons against a list of APs known to be authorized to provide wireless access. A newly discovered AP that cannot be identified as a known authorized AP generates an administrator alert. You can categorize this new AP as one of these AP types:
Access Point Category Types
An AP that is authorized to provide wireless access to the LAN and requires management services provided by the WLSE.
Note: Only managed APs can participate in Radio Manager operations.
An AP that is authorized to provide wireless access to the LAN but does not require any management services from the WLSE.
An AP that is not connected to the LAN, but is known to be detectable by the client's or the AP's 802.11 radios within the managed WLAN. A friendly AP is an AP that you know exists. For example, a neighboring network's AP or a neighboring company's AP.
An AP that may or may not be connected to the LAN is detected by the client's or the AP's 802.11 radios within the managed WLAN, and has not been identified as Friendly, Unmanaged, or Managed. By default, all unknown radios are classified as Rogue until you change them to Friendly, Unmanaged, or Managed.
Use the fields in this table to change the classification of an AP from Rogue to Friendly or to delete the rogue AP from the database.
Rogue Access Point Details Table
Basic Service Set ( BSS) identifier.
The state of the device.
The name of the vendor that manufactured this AP.
Change To Friendly AP
To add this AP to the list of recognized APs, click Change To Friendly AP. Then refresh your browser window to view the updated fault display.
Note: It may be a few seconds before the classification is changed.
To delete this unknown AP, click Delete. Then refresh your browser window to view the updated fault display.
Note: It may be a few seconds before the rogue AP is deleted.
Hi AllI have a few questions around SD Access. 1. If I want to have certain users access to certain places, I believe I can I use trustsec and this uses SGT to identify the user, the question is do I need a firewall to enforce the policy between netw...
Hey All,I have 9500 series Switches which is facing the firewall and plays the DNS Proxy role for clients and everything is perfect. What is the problem I want to renew license with CSSM and therefore it needs to contact tools.cisco.com. I have tested and...
Hi all, I've been looking around for documentation on SD-WAN and what seems to be missing is some more 'advanced' logic besides the use of variables. I noticed that the newer SD-WAN release also allows CLI templates for IOS-XE devices, which already ...
Hi Team, I have connected two core layer cisco SG550 switch with two firewall, i have attached my office network topology, kindly check the details,i have configured LACP configuration on my cisco SG550 switch ports gi 1/0...