@DAVID

DAVID · ‎08-04-2016

My 5508 WLC running 8.0.115 has decided to contain one of my 3700i access points and now now clients are able to connect. Unfortunately, this access point is in a remote location that I can't access as this is in a shopping mall or some other multi-retail location. What is the best way of correcting this?

d.friday · ‎08-04-2016

You can manually remove the AP from containment on the WLC

Monitor> Rouges> Unclassified APs

Select the check box next to the AP and then select Move to Alert

Select the check box next to AP and then select Remove

Go to Security tab at top of Page

Select Wireless Projection Policies

Select Rogue Polices

Select Friendly Rogue

Add MAC Address and Click Apply

This should keep the AP from getting blocked again

DAVID · ‎08-04-2016

I actually have an open case with TAC (SR680704329) with this. What we are discovering is that the B/G radio on access point.

From Prime 3.0 I can get the critical alarms for the access point that tell me the following: " AP 'RRS0664AP37' is being contained. This is due to rogue device
spoofing or targeting AP 'RRS0664AP37' BSSID on '802.11b/g' radio."

Because of this none of the scanners will connect to the access point. TAC is convinced that my access point is probably being contained by a neighboring wireless network. Proving or disproving that the source of my containment is going to be somewhat difficult. I have done a sniffer capture from the access point at this location and why I have located a mysterious mac address doing a lot of de-auths I am at a loss of finding the smoking gun and fixing the problem.

In the client debugs there are references to DOT1x how ever on the WLAN that the scanner should connect to there is no dot.x configured only PSK as these devices do not support dot1x

wanstor · ‎04-03-2017

@DAVID

Did you ever get a fix to this?

My own access point is being contained.