08-14-2019 05:27 AM - edited 07-05-2021 10:51 AM
Currently we are testing rogue detection/containment functionality on 5520 WLC on a small area (around 20 square meters), with a couple 2800 series APs in local mode and one 4800 series AP in monitor mode.
Detection and classification of rogue APs works correctly, within a couple of minutes. On the other hand rogue containment (both manual and automatic) don't seem to work. I captured packets on Wifi channel 1 on which my rogue AP is broadcasting and during containment not a single deauth package was found. To check if I was capturing them correctly I attacked my own rogue AP using aireplay-ng which generated deauth packets and that worked perfectly (packets seen in Wireshark and clients were unable to connect to the AP).
Further info, my test rogue AP in this case was a phone (Huawei P20) which was configured to broadcast SSID identical to managed SSID in WLC. All distances between rogue AP, local mode APs and monitor mode AP are within 5 meters in open space without much interference. Below are the APs that see particular rogue AP. Even when selecting maximum number of APs (4) to contain, always just the 4800 does the containment on it's two radios. Furthermore, under "containment type" column in below view, after containment is initiated it says "Discourage", I was unable to find which containment types exist and what exactly they do.
Below is what we configured regarding Rogue detection in general, autocontainment was tested too and it fails in the same way as manual containment.
Questions:
1. I tried putting one 2800 series in monitor mode, removed the other monitor mode AP and start containment. WLC notified me that no APs are available to contain the rogue AP, are 2800 series AP unable of sending deauth packets?
2. How many APs in general should I need to contain and AP with 2-3 clients?
I feel like I'm missing something, although I was following configuration guide for rogue detection, and it seemed pretty straightforward.
08-14-2019 06:38 AM
08-19-2019 01:21 AM
08-19-2019 02:09 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide