12-30-2009 09:00 AM - edited 07-03-2021 06:23 PM
I need a bit of info with the below topics.
Q1. What is a Rogue AP?
Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?
Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?
Regards,
Colm
Solved! Go to Solution.
12-30-2009 12:25 PM
For the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious. Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.
Class Type:
unclassified <--- AP detected but not matching any policy
friendly <--- AP matches the criteria of a friendly AP
malicious <--- AP matches the criteria of a malicious AP
Update Status:
Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions
Alert <-- Just a message saying there is a rogue
12-30-2009 11:05 AM
Q1. What is a Rogue AP?
A Rogue is an AP that we can hear, that is not part of the RF Group. Rogue on the Wire is an AP that is not part of our RF Group, and is found in ARP on the LAN.
Q2. WLC 4400 is detecting a number of rogue access points from neighboring buildings. How should the WLC 4400 deal with these rogue access points?
WLC should alert you that there are other AP's out there that can be heard, by default.
Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?
Yes, BUT! There can be legal reprocutions from "containing" these rogues. Best bet, is to find out who owns them and work with them to get the power lowered.
12-30-2009 12:18 PM
Thanks Steve for great feedback.
How do the WLC 4400 block or contain these rougue access points. Can you explain the below options.
Class Type:
unclassified
friendly
malicious
Update Status:
Contain
Alert
Q3. Can the WLC 4400 block these accees points from broadcasting their SSID's into our air space?
Yes, BUT! There can be legal reprocutions from "containing" these rogues. Best bet, is to find out who owns them and work with them to get the power lowered.
Regards,
Colm
12-30-2009 12:25 PM
For the Clases, you have the ability to define what criteria must be met for a roge to be called friendly or malicious. Under the Security tab > Wireless Protection Policy, Rogue Policies, Rogue Rules.
Class Type:
unclassified <--- AP detected but not matching any policy
friendly <--- AP matches the criteria of a friendly AP
malicious <--- AP matches the criteria of a malicious AP
Update Status:
Contain <--Contain the AP, uses our own AP to spoof the AP to get the clients to join "us" instead of "them" , once again, you need to be real careful with this, as if you are containing your neighbors, there can be reprocussions
Alert <-- Just a message saying there is a rogue
12-30-2009 12:31 PM
Thanks Steve.
If you contain a rougue access point. That happens this access point?
12-30-2009 12:38 PM
yes.
12-30-2009 12:55 PM
If you contain an AP, does this disable the AP for all clients in the shared airspace or all airspace?
12-30-2009 02:14 PM
Only clients that are within range of your access point that is containing the rogue will be deauthenicated.
12-30-2009 02:32 PM
I'd be very careful trying to contain Rogue APs/Clients because you and/or your company can be brought to court.
I have, in several occasions, successfully done so because I made sure the Rogue AP and/or clients were physically found INSIDE our company's premises. When the offenders raised a trouble ticket (after buying three APs) we confronted them (with cricket bat!) they initially denied but I gave them the facts: AP's manufacturer, the SSID, no encryption (duh!), the clients associated to the AP, they meekly admitted and pulled down their "cowboy" network lest I report them to the CIO.
Otherwise, if the signals are coming from OUTSIDE the premises, I have little choice but ignore them.
01-23-2018 08:42 AM - edited 01-23-2018 08:47 AM
Can you please let us know how it was resolved? When implementing policy do the Rogues disappear? Will it help performance of legitimate AP's?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide