Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
5
Helpful
1
Replies

Determining the radio slot on an AP used to send deauthentication packets for containing Rogues APs / Rogue clients

Muhammed Adnan
Level 4
Level 4

‎07-13-2020 11:08 AM - edited ‎07-05-2021 12:16 PM

Hello Experts,

 

Do we have the means to determine the radio slot the AP uses to send the deauth frames while containing the rogue APs / rogue clients?

Since for containment, the AP will be using the spoofed mac address of the attacker, the wireless PCAPs for obvious reasons will not help in determining the same. The OUI exposed in PCAPs will however help identity that the deauth frames (broadcast/unicast) is launched by an Cisco AP (using spoofed mac address of attacker)

There could however be the debugs/ show cli’s from AP which may help us determine radio used in containment. Could someone please share the way to evaluate the radio used in containment?

 

containment.png

 

Labels:
0 Helpful
1 Reply 1

Scott Fella
Hall of Fame
Hall of Fame

‎07-13-2020 01:03 PM

Run a debug or look at the rogue ap or rogue client details in the UI.
debug dot11 rogue enable
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card