Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1364
Views
5
Helpful
3
Replies

Rogue Access Points

Go to solution
HenkFeenstra
Level 1
Level 1

‎03-05-2013 07:22 AM - edited ‎07-03-2021 11:40 PM

Hi everybody,

I have a question about Rogue Access Points.

We have a Wlan controller (2504) and it sees rogue access points.

I know there are some tools, if you tell it that it's a bad rogue access point, it starting to kick people of that access point. Just to be sure that no one is on that access point that can join your network for some reason.

But with the Cisco 2504 i have some options. As you all will know.

But i wonder what happens if i set it to malicious. I know what friendly means. I don't want that i screw up that access point of our neighbours. But now it stays there in the rogue list. I tell it's friendly and thats oke but i wonder what happens if i tell the controller that it's malicious and then i say contain.

I get a warning message from the controller about some legal things etcetc. so i cancelled it.

Can anyone tell me?

Thanks!

Henk Feenstra

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-05-2013 07:27 AM

You can get into trouble using containment because it does a denial of service attack. As long as the rogue access point isn't in your building, who cares. If there is an access point that is using your SSID, then go for it and contain the AP, but just make sure:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-05-2013 07:27 AM

You can get into trouble using containment because it does a denial of service attack. As long as the rogue access point isn't in your building, who cares. If there is an access point that is using your SSID, then go for it and contain the AP, but just make sure:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
HenkFeenstra
Level 1
Level 1

‎03-05-2013 08:17 AM

That is what I suspected it would do :-) :-)
Thanks for the answer


Sent from Cisco Technical Support Android App

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to HenkFeenstra

‎03-05-2013 08:25 AM

No problem... So if someone contained one of my AP's, I would see it in the log and would know what AP is doing the containing.... Then I would have to walk over to the company and politely asked then to stop:)   This is what you would see:

1

Thu Feb 21 18:49:05 2013

Warning: Our AP with Base Radio MAC f4:ea:67:0e:6f:80 is under attack (contained) by another AP on radio type 802.11b/g

This is what you will see in the syslog:

*spamApTask1: Feb 21 18:49:05.141: #LWAPP-1-AP_CONTAINED: spam_lrad.c:33698 AP AIR-CAP3602E-A-K9-MAP is being contained on slot 0

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card