With Saravanan Lakshmanan
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to monitor, troubleshoot and configure Wireless Networks using Security Protection Policies. It includes Rogue Detection, Rogue Location Discovery Protocol (RLDP), Rogue Detector, Rogue Rules, wireless intrusion detection services (wIDS), Rogue Containment, AP Authentication, and client exclusion features that touch Mobility and RF grouping from the wireless LAN controller.
Saravanan Lakshmanan is a Customer Support Engineer in Cisco's Technical Assistance Center (TAC) specializing in Wireless Technologies. He is an expert in debugging and troubleshooting Cisco Wireless LAN Controllers (WLANs), wireless LAN services, unified access points, wireless LAN security, autonomous APs, VoWifi, authentication, authorization, and accounting (AAA), and radio frequency (RF). Lakshmanan helps solve high severity and critical wireless issues for Cisco's customers and partners.
Remember to use the rating system to let Saravanan know if you have received an adequate response.
Saravanan might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless sub-community Security and Network Management shortly after the event. This event lasts through Friday April 19, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
Adding doc links for reference:
Rogue Management in a Unified Wireless Network
Rogue Detection under Unified Wireless Networks
Rule Based Rogue Classification in Wireless LAN Controllers (WLC) and Wireless Control System (WCS)
Classifying Rogue Access Points
Managing Rogue Devices
Trusted AP Policies on a Wireless LAN Controller
Configuring IDS Signatures
Infrastructure Management Frame Protection (MFP) with WLC and LAP Configuration Example
Configuring Management Frame Protection
Configuring Client Exclusion Policies
Trying to find a rogue on the wire using the RLDP technique, but unable to find it so far. How long does it take the trigger to detect? Using a Linksys AP as the rogue, just like the doc mentioned, with a similar setup. Enabled those RLDP debugs, but no glimpse of the WLC finding the rogue on the wire.
Unsure if the debug is not showing anything, or getting debug output with no reference to finding the rogue on the wire.
Be sure to run this on the WLC.
(Cisco Controller) > debug dot11 rldp enable
What's the config on Security >> WPS >> General >> Rogue Location Discovery Protocol >> drop-down? Since you're using a local mode AP for RLDP, it should be set to the "All APs" option. There is no option to say local mode/monitor/mesh/HREAP mode AP only. It has to be either monitor for monitor mode only, or AllAPs for the rest of the AP modes, or it can be disabled.
3500 as RD and monitor AP; it's been long enough and couldn't find the wired rogue flag enabled on the controller.
This time, guess I got everything right. Debug is showing it got the wired MAC, and sure, Cisco is seeing the Linksys. Power cycling the Linksys to force ARP.
Well, unfortunately there are two bugs with the Rogue Detector feature; use the code that has the fix in it.
Rogue AP detection on wire fails if radio mac is +/- 1 of ethernet mac
Cant find rogue on wire, if rogue ap on non native vlan of RD's trunk
Fixed in 7.4MR (yet to be released).
Is RLDP scalable to work across the mobility tunnel? Both WLC1 and WLC2 are added as mobility members with tunnels up; wired MAC found on WLC1 and wireless MAC identified by WLC2, with RLDP enabled on both WLCs.
Hi everyone, is there anyone who would like to help me?
I've got the following situation:
How to share one router FastEthernet port (e.g. fa0/0) with different network addresses (e.g. 192.168.1.1, 192.168.2.1 and 192.168.3.1) when using them as a gateway with RIP or static routing?
Anyone, please help me.
Please post your question to the LAN - Switching, Routing section.
Get debug client output when the wireless client is seeing the issue.
If the client doesn't get an IP then it can't join the WLC, and successful roaming is not possible.
To achieve N data rates using an N AP and client, follow this doc:
Configure 802.11n on the WLC
802.11n requires AES encryption to be enabled on WLANs used by 802.11n clients. You can use a WLAN with NONE as Layer 2 Security. However, if you configure any Layer 2 security, 802.11n requires WPA2 AES enabled to operate at 11n rates. Ensure that WMM is set to Allowed on the WLAN profile in order to achieve 802.11n rates.