12-14-2006 11:44 AM - edited 07-03-2021 01:22 PM
We are using WCS/WLC version 4.x and are in an environment with approx. 175 access points in a multi-floor building.
We have recently seen rogue AP security events that show a "rogue" AP whose radio MAC address value is one or two more MAC addresses higher than those of our trusted APs.
Since this appears throughout the building (and appears to be detected from adjacent APs - same floor, above, or below), I am fairly certain that these "rogue" APs are false alarms.
The SSID is the same one we are using (and I understand that, theoretically, there could be the possibility that someone with a true rogue AP is out there
attempting a man-in-the middle attack). However, this seems unlikely since this "attack" appears at different areas intemittently at various locations in the building - often many simultaneously.
Has anyone else seen or experienced this?
12-15-2006 12:57 PM
Update: Apparently, this is a known issue (Bug CSCse87066 ? "Access Points associated to controllers in the same mobility group no longer appear as rogue access points.")
And the fix is to upgrade to 4.0.179.11
01-11-2007 02:04 AM
We had the exactly same symptoms as the first poster. Upgraded to ver .11 but no luck. Anyone with similar problems / solutions?
01-15-2007 10:57 AM
According to the release notes, 4.0.206.x is supposed to fix this. Apparently, in high-density deployments (such as multi-floor, high quantities of LWAPs), if the access points hear too many adjacent on-network, trusted LWAPs, the table that keeps track of these adjacent LWAPs overflows and these then become "rogue".
Hopefully, the latest/greatest firmware will resolve this. Our customer is in the process of performing the upgrade and we shuold see the results soon.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide