We have two 3750 switches, each supporting 25 APs. The WLC software is version 22.214.171.124. Lately we have discovered about 100 rogue APs that we are making Malicious Rogue APs. Is this enough to contain them and keep them from affecting our wireless network? Also, what is the difference between a Malicious Rogue AP and a Contained Rogue AP?
Classifying the Rogues
What's the reason for running these WLCs on 5.x? At least get them upgraded to 126.96.36.199, as 7.0.x is the last supported on these.
Upgrade your OS version to a minimum of 7.x.
Any device that shares your spectrum and is not managed by you can be considered a rogue. A rogue becomes dangerous in the following scenarios:
• When the rogue AP uses the same SSID as your network (honeypot).
• When the rogue AP device is also detected on the wired network.
• Ad-hoc rogues are also a big threat.
• Set up by an outsider with malicious intent.
There are three main phases of rogue device management in the Cisco Unified Wireless Network (UWN) solution:
• Detection - Radio Resource Management (RRM) scanning is used to detect the presence of rogue devices.
• Classification - Rogue Location Discovery Protocol (RLDP), Rogue Detectors and switch port tracing are used to identify if the rogue device is connected to the wired network. Rogue classification rules also assist in filtering rogues into specific categories based on their characteristics.
• Mitigation - Switch port tracing and shutdown, rogue location, and rogue containment are used to track down the physical location and nullify the threat of rogue devices.