
Rogue Detector Mode at the Distribution level

We currently have over 200,000 rogue APs detected on Prime. In order to see if any of these APs are wired to our network, I'm wanting to use APs in rogue detector mode. I've seen in some documentation that this can be implemented at the access level OR the distribution level. However, I can't find anything on how to implement a Rogue Detector AP at the distribution level. Is there anything out there that shows best practices on how to do that? It would just take too long to do this at the access level.

2 Replies

patoberli
VIP Alumni

The first question you need to ask yourself: what do you want to do if you actually see rogues (the neighbors' APs, for example)? If you don't want to walk to each and every one of them, or simply accept their being, then save the time and energy and simply ignore it.

 

On the other hand, if your company policies forbid this completely, then I suggest deleting all events. The default rogue detection algorithm runs every 15 minutes I think, so 15 minutes after you've deleted all of them you should have a fresh and current list.

Then I'd sort them by signal strength and check the strongest sending ones. 

My main concern is finding rogue APs that are also attached to our wired network, as this is against company policy (and obviously disruptive to the airspace). Until we switch to Cisco DNA, I don't have an easy way to do this. Rogue detector APs seem to be my best bet at finding these rogues on the wire, but our enterprise is too big to do this from switch to switch.
