
Rogue AP's What to do?

Hello,

I hope everyone is doing well. Quick question: what is the best practice to follow when it comes to rogue APs? What to do with the rogue access points found by the WLC? Thanks

9 Replies 9

Refer to the WLC best practice guide below for rogue AP management:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_92EE5D2C194D46298103E7F5F258882B

As you are aware, WiFi uses a free band of RF; it is illegal to shut down/contain another wireless network even if it interferes with your wireless. So you can use it to detect rogue APs in your environment, but be careful with the containment part of it.

HTH

Rasika

*** Pls rate all useful responses ***

Leo Laohoo
Hall of Fame

@bhupenderrawat79 wrote:

quick question what is the best practice to follow when it comes to Rogue AP's. What to do with the rogue access points found by the WLC?


Do nothing without legal support. There is already a precedent of businesses getting sued for jamming rogue APs.

Marriott fined $600,000 by FCC for blocking guests' Wi-Fi

RichardAtkin
Level 3

Containment legalities aside, there is also the issue with false positives... Neighbouring APs are not the same as Rogue APs. If your network is deployed in an urban environment, you may do well to increase the detection threshold for APs heard by your infrastructure being classified as Rogues. It defaults to -90dBm, but if you have even a normal density of APs in your own environment, the odds of a genuine Rogue being connected to your network but only being heard at such a low RSSI are slim. If you increase the detection threshold to something more like -75dBm (-70 is the upper limit), you will get fewer Neighbouring APs being reported as Rogues, allowing you to focus your efforts more.

If the WLC says 'Rogue is on wire', then it definitely is and you might consider taking action against it, but alternatively, if the WLC says it is not on the wire, that is not necessarily true as the Rogue on Wire detection mechanism is easily thwarted.

Once you have the detection piece sorted, after that strategies change depending on what you see as being the risk. Do neighbouring APs consume all the bandwidth, or are you worried about them being connected to your network and you leaking data?

If it's the former, consider making RRM more aggressive and/or moving to 5GHz where there is generally less overlap with neighbouring APs. If the latter, consider deploying ISE on the LAN and authenticate everything that gets connected to your network... also follow up more aggressively when Rogues are reported, especially at higher RSSIs.
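The triage described in the post above, as an added example that is not part of the original post and not Cisco code: it merges rogue reports per BSSID, keeps the strongest RSSI, and ranks rogues by the on-wire flag and the RSSI threshold. The CSV columns, sample rows and action labels are constructed assumptions; only the -90/-75/-70 dBm figures come from the thread.

```python
import csv
import io

# Constructed sample export; the column names are assumptions, not a WLC format.
SAMPLE = """bssid,ssid,detecting_ap,rssi_dbm,on_wire
02:00:00:00:00:01,CoffeeShop,AP-1,-88,no
02:00:00:00:00:01,CoffeeShop,AP-2,-81,no
02:00:00:00:00:02,linksys,AP-1,-62,no
02:00:00:00:00:02,linksys,AP-3,-70,no
02:00:00:00:00:03,printer-setup,AP-2,-84,yes
02:00:00:00:00:04,GuestNet,AP-3,-76,no
"""

DEFAULT_MIN_RSSI = -90  # default quoted in the thread
UPPER_LIMIT = -70       # upper limit quoted in the thread
ORDER = {"investigate": 0, "follow-up": 1, "neighbour": 2}


def triage(report_text, min_rssi=-75):
    """Return [(bssid, ssid, best_rssi, on_wire, action)], most urgent first."""
    if not DEFAULT_MIN_RSSI <= min_rssi <= UPPER_LIMIT:
        raise ValueError("min_rssi must be between -90 and -70 dBm")
    rogues = {}
    for row in csv.DictReader(io.StringIO(report_text)):
        rssi = int(row["rssi_dbm"])
        wired = row["on_wire"].strip().lower() == "yes"
        entry = rogues.setdefault(
            row["bssid"], {"ssid": row["ssid"], "rssi": rssi, "wired": False})
        entry["rssi"] = max(entry["rssi"], rssi)   # strongest report wins
        entry["wired"] = entry["wired"] or wired   # any on-wire report counts
    results = []
    for bssid, e in rogues.items():
        if e["wired"]:
            action = "investigate"   # a positive on-wire verdict is trusted
        elif e["rssi"] >= min_rssi:
            action = "follow-up"     # "not on wire" may be wrong; signal is strong
        else:
            action = "neighbour"     # weak signal, most likely a neighbouring AP
        results.append((bssid, e["ssid"], e["rssi"], e["wired"], action))
    # Sort by urgency, then strongest signal first within each class.
    results.sort(key=lambda r: (ORDER[r[4]], -r[2]))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Running it with `min_rssi=-90` on the same data shows how the default threshold turns every neighbouring AP into a follow-up item.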

Scott Fella
Hall of Fame
Do nothing :) I have never done anything with rogue APs found in the WLC.
-Scott
*** Please rate helpful posts ***

Scott,

Understood, but a rogue AP can cause interference. For example, we are using channel 6 and another rogue AP is also using channel 6. I guess I wish there was a way to tell my AP: when you detect a rogue AP, move away to another, less congested channel.


@bhupenderrawat79 wrote:

I guess I wish there was a way to tell my AP: when you detect a rogue AP, move away to another, less congested channel.


This feature is already available.

Leo,

Is this the CleanAir feature?

Yes it is. RRM doesn’t look at interference; CleanAir does:

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/cleanair-technology/white_paper_c11-599260.html
-Scott
*** Please rate helpful posts ***

Like Leo mentioned, the feature is there, but if channel 6 for example is still the best channel determined by the algorithm, then the AP will stay on channel 6. Using the 2.4GHz is a bad example as that band is very congested anyways. In most areas, where there are shared tenants, the 2.4GHz is useless due to channel overlap. 5GHz is where you should be looking.

Like I mentioned, don’t bother looking at these rogue APs; you can’t do anything about them. Focus more on tweaking your environment, which you can act on. You can’t do much with rogue detection unless that is your only focus and you are hunting down rogues on the wire.

-Scott
*** Please rate helpful posts ***