Rogue APs in WLC

suthomas1
Level 6

Hello,

In the WLC summary page, I am seeing active rogue APs, clients and ad hoc rogues with numbers quoted.

1. What exactly does each of these mean?

2. Does it mean rogue clients and APs have connected to my network, or are they simply seen via radio?

3. If they are connected to my network, how does this happen?

4. What are the steps to get rid of these?

Thanks in advance

Accepted Solution

Stephen Rodriguez
Cisco Employee

Active Rogues - Are APs that are not on your WLC(s) that your APs can hear. There are some settings in the rogue policies where you can set the RSSI threshold for 'friendly' vs 'malicious'.

No, this does not mean they are on your network. It simply means the WLC/AP hears other APs that are not on your network. However, if you have WCS, you can plot the rogues to see if they appear to be in your building(s) or not.

If they are connected to your network, it is because somebody plugged a device into your LAN that has AP capabilities. If you have a 'spare' AP, you can connect it to your WLC and put it in Rogue Detector mode and enable RLDP. Then configure the switchport it is on to be a trunk. This AP will then listen to ARP, and pass the information to the WLC. The WLC then looks at the rogues to see if the MAC addresses match up, and if they do, you get alerted to a rogue on the wire.

Take a look at the below link for more information on rogues.

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b40901.shtml

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.
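
The answer above describes a correlation: MAC addresses learned from ARP on the trunk are compared with MAC addresses heard on rogue radios. The Python sketch below illustrates that matching step; it is an added example, not part of the original post and not Cisco's implementation. The function names, data layout and all MAC/IP values are constructed assumptions.

```python
import re
from collections import defaultdict

def norm_mac(mac):
    """Normalize colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def rogues_on_wire(rogues, arp_seen):
    """Return one alert per rogue MAC that also shows up in wired ARP traffic.

    rogues:   {rogue AP BSSID: [client MACs associated to it]} as heard over the air
    arp_seen: iterable of (vlan, sender_mac, sender_ip) collected on the trunk port
    """
    wired = defaultdict(set)
    for vlan, mac, ip in arp_seen:
        wired[norm_mac(mac)].add((vlan, ip))
    alerts = []
    for bssid, clients in rogues.items():
        for mac in [bssid, *clients]:
            for vlan, ip in sorted(wired.get(norm_mac(mac), ())):
                alerts.append({"rogue_ap": norm_mac(bssid),
                               "matched_mac": norm_mac(mac),
                               "vlan": vlan, "ip": ip})
    return alerts

# Constructed sample data (hypothetical, locally administered MACs).
ROGUES = {
    "02:00:5e:10:00:01": ["0200.5e10.00a1"],     # rogue bridged onto the LAN
    "02:00:5e:20:00:01": ["02-00-5E-20-00-B1"],  # neighbour's AP, heard on radio only
}
ARP_SEEN = [
    (20, "02:00:5E:10:00:A1", "10.20.0.57"),     # client of the first rogue
    (10, "02:00:5e:99:00:01", "10.10.0.5"),      # ordinary wired host
    (20, "0200.5e99.0002", "10.20.0.9"),         # ordinary wired host
]

if __name__ == "__main__":
    for alert in rogues_on_wire(ROGUES, ARP_SEEN):
        print("rogue on wire:", alert)
```

Exact matching only catches a rogue that bridges its clients onto the LAN, so their MAC addresses appear in ARP; a rogue that routes or NATs its clients presents a different wired MAC and will not match.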

Great response Steve +5

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin