03-29-2012 07:20 PM - edited 07-03-2021 09:54 PM
Hi there, we are running a Cisco 5500 Wireless LAN Controller. When I look at the Rogues pages, a number of access points have been identified. I try to search via their MAC address in our network, but cannot find any. My understanding is that those APs are not necessarily the ones which are connected to our LAN network; they are just detected by our LAPs via the air, and most of them are APs running in the next-door office. Am I correct on that? Thanks in advance. Roy
03-29-2012 07:46 PM
I try to search via their MAC address in our network, but cannot find any.
You are looking at the WAP's radio MAC. The Ethernet MAC is totally a different number.
My understanding is that those APs are not necessarily the ones which are connected to our LAN network,
Not necessarily true.
03-29-2012 09:21 PM
Yes, I agree that there is a difference between the radio MAC and the MAC of an AP. In the Rogue AP details, it shows both addresses. I used the MAC of the AP to trace which switch and switch port it is associated with, but I do not see any; therefore I assume it is picked up via air, not really directly connected to our LAN network.
03-30-2012 09:36 AM
The "MAC address" field on the rogue AP detail page is the radio MAC of the possible rogue AP.
The "base radio MAC" field on the same page is the MAC of your own AP from the radio that detected the possible rogue.
Sent from Cisco Technical Support iPad App
03-30-2012 03:21 PM
I still disagree.
Just because you can't find the Ethernet MAC address in your core switch doesn't mean the WAP is not INSIDE your premises.
The only way to be 100% certain is to find it by triangulating the location.
I've worked in a government facility before and they have ZERO policy with wireless (due to management ignorance). But this never stopped staff from bringing their own laptops into the office, plugging a 3G USB modem into it, and attaching an Ethernet cable to the office network. Tah-dah!
04-01-2012 03:42 AM
Roy,
Rogue means any wireless device not managed by your WLC which comes inside your AP coverage area. Same mobility group and same RF group name is an exception. So detected rogues are not necessarily in your wired network. There are multiple options available in the WLC to validate whether a rogue is on the wire or not. RLDP is one mechanism; unfortunately it works only if the SSID broadcast by the rogue AP is open. The other option is a rogue detector AP, which works only if the rogue is in your same L2 network. Try enabling these methods so you can validate whether the rogue is on the wire or not. Hope this helps.
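The radio-MAC versus Ethernet-MAC mismatch discussed in this thread, as an added example that is not part of any post: a Python sketch that searches a switch MAC table for addresses numerically close to each rogue radio MAC instead of for an exact match. It assumes (a heuristic, not a guarantee) that an AP's Ethernet MAC often shares the OUI of its radio MAC and sits a few addresses away, and that the table text looks like Cisco IOS `show mac address-table` output; the function names and all sample data are constructed for illustration.

```python
import re

def mac_to_int(mac):
    """Parse a MAC in colon, dash or Cisco dotted form into an integer."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def int_to_mac(value):
    """Format an integer as a lowercase colon-separated MAC."""
    h = f"{value:012x}"
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+\S+\s+(\S+)\s*$")

def parse_mac_table(text):
    """Yield (vlan, mac_int, port) for each data row; headers are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), mac_to_int(m.group(2)), m.group(3)

def find_wired_candidates(rogue_radio_macs, table_text, window=3):
    """Return wired entries with the same OUI and within `window` of a radio MAC."""
    entries = list(parse_mac_table(table_text))
    hits = []
    for radio in rogue_radio_macs:
        r = mac_to_int(radio)
        for vlan, wired, port in entries:
            # Same OUI (top 24 bits) and a small numeric offset.
            if r >> 24 == wired >> 24 and abs(r - wired) <= window:
                hits.append((int_to_mac(r), int_to_mac(wired), vlan, port, wired - r))
    return hits

# Constructed sample data (not taken from the thread).
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4454    DYNAMIC     Gi1/0/7
  10    a4b1.c2d3.e4f5    DYNAMIC     Gi1/0/12
  20    0011.2233.9999    DYNAMIC     Gi1/0/3
"""
SAMPLE_ROGUES = ["00:11:22:33:44:55", "de:ad:be:ef:00:01"]

if __name__ == "__main__":
    for hit in find_wired_candidates(SAMPLE_ROGUES, SAMPLE_TABLE):
        print(hit)
```

A hit is only a lead to check on the switch port. An empty result does not show the rogue is off the wire, which is the point made earlier in the thread about devices that never expose their own Ethernet MAC to the core switch.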