
Rogue AP Contain on SSID questions and issues

mac1234
Level 1

My ultimate goal is that I want to be able to contain rogue APs that are detected broadcasting (spoofing) SSIDs that our controller is broadcasting.

 

I see that this can easily be done at: Security > Wireless Protection Policies > Rogue Policies > General > Auto Contain > check box "Using our SSID" = enabled.

 

I tested the above setting and it seems to work: in my test I set up an unmanaged AP broadcasting one of our SSIDs, and our WLC detected the AP as a rogue, classified it as malicious and began to contain it. Perfect.

 

HOWEVER, here is the issue: we share our building with another organization and we both broadcast our Public wireless network using the same SSID so that guests in our building can use a single SSID for wireless access.

 

By using the above setting of Auto Contain on "Using our SSID", we inadvertently blocked the APs of the other organization broadcasting the Public wireless SSID.

 

Now my question is: how can I auto contain on specific SSIDs we broadcast and not on others such as the Public SSID? I have tried to create a rogue rule and specify an SSID, but this results in an error that states: "Condition Failed: SSID Exists in WLAN Configuration."

 

How can I make this work?

2 Replies

pieterh
VIP

You may try to classify the shared organization's APs as "friendly rogue access points" before you enable AP containment,

but then again, when this party decides to add an access point, you also need to add this as a friendly rogue.

In my opinion auto-containment is not a very useful option.

patoberli
VIP Alumni
I don't know in which country you live, but in most countries it's forbidden to disturb a foreign wireless network.