Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
790
Views
0
Helpful
5
Replies

Quesiton on Rogue Access Point

ciscoroyzhang
Level 1
Level 1

‎03-29-2012 07:20 PM - edited ‎07-03-2021 09:54 PM

Hi there,     we are runing cisco 5500 Wireless lan controller,  when I look at Rogues pages, there are a number of access points has been identified. I try to search via their MAC address in our network, but can not find any. My understanding is that those APs are not necessary the one which connectd to our lan nework, it just detected by our LAP via the air and most of them are APs running in next door office.  am I correct on that?  thanks in advnace. Roy

Labels:
0 Helpful
5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-29-2012 07:46 PM 

 I try to search via their MAC address in our network, but can not find any.

You are looking at the WAP's radio MAC.  The Ethernet MAC is totally a different number.

My understanding is that those APs are not necessary the one which connectd to our lan nework,

Not necessarily true.

0 Helpful

ciscoroyzhang
Level 1
Level 1
In response to Leo Laohoo

‎03-29-2012 09:21 PM

Yes,  I agree that there is different between the Radio MAC and MAC of an AP,  in Rogue AP details, it shows both the address, I used the MAC of the AP to trace which switch and switch port it associated with it. but I do not see any, therefore I assum it is pickup via Air. not realy directly connect to our LAN network.   

0 Helpful

rdvorak
Level 1
Level 1
In response to ciscoroyzhang

‎03-30-2012 09:36 AM

The "MAC address" field on the rogue AP detail page is the radio MAC of the possible rogue AP.

The "base radio MAC" field on the same page is the MAC of your own AP from the radio that detected the possible rogue.

Sent from Cisco Technical Support iPad App

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to ciscoroyzhang

‎03-30-2012 03:21 PM

I still disagree.

Just because you can't find the ethernet MAC address in your core switch doesn't mean the WAP is not INSIDE your premises.

The only way to be 100% certain is to find it by triangulating the location.

I've worked in a government facility before and they have ZERO policy with wireless (due to management ignorance).  But this never stopped staff from bringing in their own laptops into the office, plugging a 3G USB modem into it, and attaching a ethernet cable to the office network.  Tah-dah!

0 Helpful

jibinvsnl
Level 1
Level 1

‎04-01-2012 03:42 AM

Roy,

Rogue means any wireless device not managed by your WLC  which comes inside your AP coverage area. Same mobility group and samd RF group name is an exception. So detected rogues not necessarily be in your wired network. There are multiple options available in WLC to validate rogue is in wire or not. RLDP is one mechanism unfortunatly it works only if the SSID broadcasted by rogue AP is open. Other option is rogue detector AP which work only if rogue  in your same L2 network. Try enabling these methods so you can validate if the rogue is in wire or not. Hope this helps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card