
Cisco Prime Infrastructure 2.1 Rogue AP Report

Jesse Derks
Level 1

Hello,

We currently are using Cisco Prime Infrastructure 2.1 (2.1.0.0.87) and have multiple site locations that are "shared" such as office buildings. Due to this, we have a rogue report going over 2000 pages, and I am looking to cut that down by eliminating items that we don't particularly care about. Should a vendor be in one of our offices, we don't particularly care if they are running "MiFi32984u9", nor do we care if a neighbor is running "OtherCompanyWireless" for their own needs. We simply need to watch for specific "company" prefixes and guard against them being spoofed to fool people.

I have been unable to find a way to filter the report in such a manner. Suggestions? Document links?

1 Reply

Nickolus Looper
Level 1

Have you made any progress on this? What follows is not a perfect answer, as I am delving into these settings as well.

From my research (& help from Cisco), it looks like one approach would be to create some rogue AP policies on your WLCs (Security > Wireless Protection Policies > Rogue Policies) to give more relevant alarms.

- You could increase detection minimum RSSI to a level where devices could really communicate
- Rogue Rules - I'm still learning how to do these

Also, in PI > Administration > Settings > Severity Configuration, it may be helpful to adjust the severity of some alarms, which could be useful if you have email alerts configured based on certain severity levels.

Currently, I'm also exploring the rogue notification options under Reports > Report Launch Pad > Security > Rogue APs, New Rogue APs, & Rogue AP Events.
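The filtering discussed in this thread (keep only rogues whose SSID resembles a company prefix, above a minimum RSSI, excluding your own APs), as an added Python example that is not part of the original posts and is not a Cisco tool. The CSV columns, the `ACME` prefix, the BSSIDs and the lookalike map are constructed assumptions; the script post-processes an exported rogue list and calls no Prime Infrastructure or WLC API.

```python
import csv
import io
import unicodedata

# Constructed sample rows. Column names are assumptions, not the
# Prime Infrastructure report format; map them to your own export.
SAMPLE_CSV = """ssid,bssid,rssi_dbm
MiFi32984u9,02:00:00:00:00:01,-48
OtherCompanyWireless,02:00:00:00:00:02,-60
ACME-Corp,02:00:00:00:00:03,-55
acme-guest,02:00:00:00:00:04,-91
ACME-Corp,02:00:00:00:00:10,-50
ACM3 Guest,02:00:00:00:00:05,-62
"""

# Hypothetical lookalike substitutions applied before prefix matching.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def normalize(ssid):
    """Fold case, Unicode compatibility forms, whitespace and lookalikes."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(folded.split()).translate(LOOKALIKES)


def suspicious_rogues(rows, prefixes, managed_bssids, min_rssi_dbm):
    """Return rows that imitate a company prefix and are strong enough to matter."""
    wanted = tuple(normalize(p) for p in prefixes)
    managed = {b.lower() for b in managed_bssids}
    hits = []
    for row in rows:
        if row["bssid"].lower() in managed:
            continue  # our own AP, not a rogue
        if int(row["rssi_dbm"]) < min_rssi_dbm:
            continue  # too weak for a client to realistically join
        if normalize(row["ssid"]).startswith(wanted):
            hits.append(row)
    return hits


def load_sample():
    return list(csv.DictReader(io.StringIO(SAMPLE_CSV)))


if __name__ == "__main__":
    own_aps = {"02:00:00:00:00:10"}  # constructed managed-AP BSSID
    for r in suspicious_rogues(load_sample(), ["ACME"], own_aps, -80):
        print(r["ssid"], r["bssid"], r["rssi_dbm"])
```

The lookalike map trades false positives for coverage, so treat the output as a review list rather than a verdict.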
