Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
1
Helpful
1
Replies

Cisco CatCenter and WLC 9800 Rogue Auto Containment

joeharb
Level 5
Level 5

‎08-18-2025 11:44 AM

I am working on starting to create some rules for Auto Containment with our CatCenter and WLC.  I created a rule that is based on SSID and I now see that the AP's are classified as the new type.  I set both the new rule and the profile to Auto-Containment Enabled, but it doesn't appear that containment is being started.  I can manually contain within CatCenter but Auto isn't working.  I did notice that the Honeypot rule is part of the new profile and it is not set to enabled for Auto-Containment, does every rule have to be set to this for it to work?

Please advise on how to troubleshoot.

Thanks,

Joe

Labels:
0 Helpful
1 Reply 1

Haydn Andrews
VIP
VIP

‎08-18-2025 03:19 PM

Auto containment needs to be in both the profile and the rule

Word of warning, you want to make 100% sure its a threat, and within your building before containining as there could be legal ramifications of containiment. You also want post containment to send someone out to find the rogue and remove it physically as containment will chew up resources of the AP doing containment, model dependant could also prevent it from servicing clients.

There is also a limit of the number of containments that the WLC can actually support.

Auto-containment is applicable only for High level threat.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card