03-03-2007 02:47 PM - edited 07-03-2021 01:43 PM
All,
Just saw this in Open caveat the Field Notes for the LWAPP Upgrade Image 12.3.7-JX. Nicely tucked away at the end of the doc. Has anyone seen this? I have upgraded 100s of 1231s across a wide footprint and have not seen a single wired-side rogue (Threat level alert) in the WCS (and I'm not blocking the RLDP ports), which is highly unlikely in my environment.
I hope this does not mean all APs upgraded using this stub recovery image will not be able to alert properly on wired-side rogues. Thsi doesn't seem to make sense since the APs load a new code once joined to a controller, correct?
CSCsb47748?When the Rogue Location Discovery Protocol (RLDP) is enabled on a controller, associated access points converted to lightweight mode do not detect rogue access points as a threat.
03-08-2007 11:54 AM
Does the rogue alert events come up if you disable RLDP? Have you tried this just to make sure if you are hitting this bug. You can try disabling RLDP by creating a filter.
03-08-2007 12:48 PM
Beth,
I need RLDP to detect the wired-side rougues don't I? Without this enabled, the Local Mode APs won't try to associate to wired-side Rogue APs and report them to the controller.
I'm getting plenty of Rogue AP Alerts (code Yellow), just not the Threats (Code Red) indicative of wired-side rogues.
03-22-2007 02:24 PM
I have observed the lack of this working correctly as well. Even in an all-Cisco infrastructure with Cisco-branded APs (that were older known equipment that the controller was identifying as "rogue APs".
Is this going to be addressed in the new release in May?
- John
03-27-2007 08:52 AM
One update after talking to Cisco:
The mechanism used to find rogue APs is by the controller attempting to ping itself through the wireless.
This ONLY works if the rogue AP has its settings security as OPEN.
Therefore, if the rogue is on network, but has any kind of security - even WEP - it will not show up as on network.
- John
03-27-2007 09:15 AM
Thanks John,
Yeah we're aware of that - but we're as certain that there's some out there that are open. In fact I had this working under WLC 3.0 versions with an open Apple Airport Express AP. This does not seem to work anymore with 4.x. The Caveat regarding the LWAPP Recovery image causing APs not to report Rogues as Alerts is puzzling. Doesn't this code get overwritten by the controller after its upgraded, or is the LWAPP code just a wrapper that encapsulates everything sent from the IOS Upgrade image (kernel)? This is what it sounds like...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide