07-16-2024 03:15 AM
I'm looking for a solution to implement a rogue AP policy that classes all rogue APs broadcasting an SSID containing non-ASCII characters as malicious, in order to avoid phishing attacks such as the one described in the following article: https://aireye.tech/2021/09/13/the-ssid-stripping-vulnerability-when-you-dont-see-what-you-get/
This does not seem to be possible in the Cisco Catalyst 9800-CL Wireless Controller 17.9.5, as there is no way to match an SSID containing characters outside the ASCII range.
This could be easily handled by a regex match on the SSID but the closest thing that seems possible to do at the moment is to match an ASCII substring in the SSID, which makes it impossible to write the sort of rule I had in mind.
Does anyone here have a solution for this sort of issue, other than using an external script to check the rogue SSIDs, or do we need to wait for Cisco to add this sort of feature?
07-16-2024 03:37 AM
- I would advise evaluating this with the latest advisory release = 17.12.3
Note: if it conflicts with business needs, any 9800 cloud-CL version can be downloaded
for free to play with and test (e.g.)
M.
07-16-2024 07:17 AM
This is not something you can do directly on the WLC - you need additional external software components. The Cisco solution is https://www.cisco.com/c/en/us/products/collateral/wireless/adaptive-wireless-ips-software/data_sheet_c78-501388.html which requires Catalyst Centre (previously DNA Centre) https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center-rogue-management-application/2-3-7/quick-start-guide/b_rogue_management_qsg_2_3_7/rogue_management_chapter_01.html but you could also use third party solutions.
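As an added example, not code from the thread, from Cisco or from AirEye: the sort of external check the original post mentions, written as an offline Python classifier that runs over a list of rogue SSIDs. It implements the poster's rule (any character outside the ASCII range marks the SSID malicious) and goes one step further to show where that rule is too coarse: it also models how a network picker would display the SSID (truncating at control characters such as NUL or LF and dropping zero-width/format characters) and folds diacritics, so that an SSID which renders as one of your own SSIDs is flagged as impersonation, while an ordinary non-ASCII SSID like "Café WiFi" is only caught by the blanket rule. The legitimate SSID list, the sample rogue SSIDs and the rendering assumptions are all constructed for the example; how you export the controller's rogue list into it is up to you.

```python
"""Offline classifier for rogue-AP SSIDs (SSID-stripping style impersonation).

Added example; not from the forum thread, Cisco, or the AirEye article.
All inputs below are constructed sample data.
"""
import re
import unicodedata

# Assumption: the SSIDs your own WLANs advertise (replace with your list).
LEGITIMATE_SSIDS = {"Corp-Guest", "Corp-Staff"}

# Constructed sample rogue SSIDs as raw SSID IE bytes (up to 32 octets in a beacon).
SAMPLE_ROGUE_SSIDS = [
    b"Corp-Guest",                          # exact clone, no encoding tricks
    b"Corp-Guest\x00attacker",              # NUL: C-string style truncation in the UI
    b"Corp-Guest\nattacker",                # LF: tail lands on a line the picker hides
    "Corp-Guest\u200b".encode("utf-8"),     # zero-width space appended
    "C\u00f6rp-Guest".encode("utf-8"),      # accented look-alike
    "Caf\u00e9 WiFi".encode("utf-8"),       # ordinary non-ASCII, not impersonating
    b"Neighbour-Net",                       # unrelated ASCII SSID
]

# The original poster's rule, as a regex: any code point outside 7-bit ASCII.
NON_ASCII_RE = re.compile(r"[^\x00-\x7f]")


def decode_ssid(raw: bytes) -> str:
    """802.11 allows arbitrary octets in the SSID IE, so fall back to latin-1."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def displayed_form(ssid: str) -> str:
    """Approximate what a network picker renders.

    Assumption (simplified model of real UIs): rendering stops at the first
    control character (category Cc: NUL, LF, TAB, ...), format characters such
    as zero-width spaces (Cf) and line/paragraph separators are invisible, and
    the result is compatibility-normalised and trimmed.
    """
    visible = []
    for ch in ssid:
        cat = unicodedata.category(ch)
        if cat == "Cc":
            break
        if cat in ("Cf", "Zl", "Zp"):
            continue
        visible.append(ch)
    return unicodedata.normalize("NFKC", "".join(visible)).strip()


def folded_form(ssid: str) -> str:
    """Strip combining marks so 'Cörp' folds to 'Corp'.

    This is a crude homoglyph check: it covers diacritics only, not
    Cyrillic/Greek look-alike letters.
    """
    decomposed = unicodedata.normalize("NFKD", displayed_form(ssid))
    return "".join(ch for ch in decomposed if unicodedata.category(ch) != "Mn")


def classify(raw: bytes, legitimate=LEGITIMATE_SSIDS) -> dict:
    """Return a verdict plus the list of rules that fired for one rogue SSID."""
    ssid = decode_ssid(raw)
    reasons = []
    if NON_ASCII_RE.search(ssid):
        reasons.append("non-ascii")          # the poster's blanket rule
    if any(unicodedata.category(ch) == "Cc" for ch in ssid):
        reasons.append("control-char")       # NUL / LF / TAB and friends
    shown = displayed_form(ssid)
    if shown != ssid and shown in legitimate:
        reasons.append(f"displays-as:{shown}")
    else:
        folded = folded_form(ssid)
        if folded != ssid and folded in legitimate:
            reasons.append(f"folds-to:{folded}")
    verdict = "malicious" if reasons else "unclassified"
    return {"raw": raw, "decoded": ssid, "verdict": verdict, "reasons": reasons}


def scan(raw_ssids, legitimate=LEGITIMATE_SSIDS) -> list:
    """Classify a batch and return only the entries that tripped a rule."""
    results = [classify(raw, legitimate) for raw in raw_ssids]
    return [r for r in results if r["verdict"] == "malicious"]


if __name__ == "__main__":
    for r in scan(SAMPLE_ROGUE_SSIDS):
        print(f"{r['raw']!r:40} {r['verdict']:10} {', '.join(r['reasons'])}")
```

Note that the exact ASCII clone `b"Corp-Guest"` is left "unclassified" here on purpose: a byte-for-byte copy of a managed SSID is already something the controller's built-in rogue rules can match on, and this script only covers the cases those rules cannot express. The "non-ascii" reason alone (as with "Café WiFi") is the poster's rule firing without any impersonation evidence, which is the false-positive class to expect if that rule is applied as-is.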