Solved: Active Rogue APs

Babak KHorshid · ‎12-15-2014

Hi

is there any way to block whatever wireless AP around except the one with our SSID AUTOMATICALLY?

we are school and students comes up with their pocket wifi and mobiles. I can see 300 devices as Active Rogue APs. I am auto containing them manually which is a pain. I need the WLC to kill whatever wifi it can see. is it possible to create a template to kill anything except our SSID?

Regards

Stephen Rodriguez · ‎12-16-2014

Yes, you can configure Rogue Rules and contain the signals that are inside your building that are not supposed to be there.

BE EXTREMELY CAREFUL WHEN YOU DO THIS!! as Rasika stated, it is illegal ( considered hacking) to block a neighbors legitimate signal, so I would probably use the RSSI of the signal as well as other attributes.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0111110.html

HTH,
Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

Stephen Rodriguez · ‎12-17-2014

You don't need to go after the SSID, or not only the SSID.

There are a couple of options around the classification including RSSI, Client count, No encryption. and you can set the rules to be match-any

--

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

Rasika Nayanajith · ‎12-15-2014

2.4GHz & 5GHz is free band, so anyone can use this frequency range. So it is illegal to block anyone who is using that frequency range.

Rasika

Babak KHorshid · ‎12-15-2014

Hi Rasika.

It is illegal for them to bring the freaking mobile or packet wi-fi in to the school and have it on! but they do it! I can deal with the Business manager regarding the legal stuff but is there any automatic way of doing that on the wireless lan controller?

By the way nice to hear from you. you seems to taking some days off from updating your website :)

Stephen Rodriguez · ‎12-16-2014

Yes, you can configure Rogue Rules and contain the signals that are inside your building that are not supposed to be there.

BE EXTREMELY CAREFUL WHEN YOU DO THIS!! as Rasika stated, it is illegal ( considered hacking) to block a neighbors legitimate signal, so I would probably use the RSSI of the signal as well as other attributes.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0111110.html

HTH,
Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Babak KHorshid · ‎12-16-2014

Thanks Stephen

we are school in a very open area. there are no other neighbour around us. the only signal should be our's .Students are not allowed to bring phone or Wi-fi devices. They can connect to our network. what they shouldn't do is to come into our environment and bring up they own network. I don't see this as illegal but I'll speak with our Business Manager and let him no about the concern but I believe he will be OK.

By the way. about the rule, the ssid—Requires that the rogue access point have a specific SSID. they are 300 devices each with different SSID. I cant create a rule for each one. thats my problem. is there a way to say anything OTHER than our SSID? just one rule? its not practical to create a rule for every SSID

Regards

Stephen Rodriguez · ‎12-17-2014

You don't need to go after the SSID, or not only the SSID.

There are a couple of options around the classification including RSSI, Client count, No encryption. and you can set the rules to be match-any

--

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Rasika Nayanajith · ‎12-17-2014

By the way nice to hear from you. you seems to taking some days off from updating your website :)

Yes, I am taking some rest after busy 3-4 months :) Haven't forgotten about your request on client debug part 3 though, it'll come.

Rasika

gohussai · ‎12-17-2014

Hello Babak

As mentioned earlier you have to use RSSI, Client count, No encryption for your rouge rule set.

further more i haven't tried it but i think you can also specify SSID what your talking about, Means you can allow your SSID and block all others in your rule.

Babak KHorshid · ‎12-18-2014

Hi . sorry Im very confused in this.you are saying : Means you can allow your SSID and block all others in your rule.

now when I go to Security > rouge rules > and create a rule then I have an option of SSID. if I choose that and put my XXXX SSID then the type is friendly or malicious and the action is alert or contain. I don't find it right. it should be like allow or disallow . Options are define in the rule for an additional SSID and required action for it. they dont look like allowing the main SSID.

can you please guide me how can I create a rule to allow only my SSID please?

Regards