Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
1
Helpful
3
Replies

Rogue Policy on 9800 for notification deviation

Go to solution
SpencerCal
Level 1
Level 1

‎04-11-2024 12:22 PM

I'm working on getting our standards in place for Rogue AP management on 9800s and I've come across this setting that I'm struggling to understand.

wireless wps rogue client notify-min-deviation 5
wireless wps rogue ap notify-rssi-deviation 5

Description from documentation : Configures the RSSI deviation notification threshold for rogue clients/APs. Valid range for the RSSI threshold in dB is 0 dB to 10 dB.

I saw in a Cisco live slideshow that it was recommended to set this to something around 5, but I don't really understand what I'm setting here. All I know is that it was supposed to be setup to reduce notifications. Can anyone else me out?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Consel
Level 1
Level 1

‎04-11-2024 11:16 PM - edited ‎04-14-2024 10:31 PM

The "wireless wps rogue client notify-min-deviation" and "wireless wps rogue ap notify-rssi-deviation" settings you mentioned are related to Rogue AP management on Cisco Catalyst 9800 Series Wireless Controllers. Let's break down what these settings do:

1. wireless wps rogue client notify-min-deviation: This setting configures the minimum RSSI (Received Signal Strength Indication) deviation threshold for rogue clients. RSSI is a measure of the power level received by the wireless client's antenna from an access point (AP). Setting a value here means that if the RSSI of a rogue client differs from the expected RSSI by at least this amount, a notification will be generated.

2. wireless wps rogue ap notify-rssi-deviation: This setting configures the RSSI deviation threshold for rogue access points. Similar to the client setting, it determines the minimum difference in RSSI that will trigger a notification for rogue APs.

The recommended value of 5 dB is suggesting that you set the threshold for rogue client and AP notifications to 5 dB. This means that if the measured RSSI of a rogue client or AP deviates from the expected RSSI by 5 dB or more, a notification will be generated.

Setting these thresholds helps to reduce unnecessary notifications by filtering out insignificant RSSI variations that might occur due to environmental factors or normal fluctuations in signal strength. By setting a threshold, you ensure that only significant deviations trigger alerts, thereby reducing noise and false positives in your Rogue AP management system.

In summary, by setting these values to 5 dB, you're essentially telling the system to only notify you when there's a substantial deviation in RSSI, which helps in better managing rogue APs and clients without being overwhelmed by irrelevant notifications.

Lee County Property Appraiser

View solution in original post

3 Replies 3

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎04-11-2024 11:12 PM

 

 - Ref : https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2023/pdf/BRKEWN-3004.pdf
               Start reading from Rogue Notification Triggers

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Consel
Level 1
Level 1

‎04-11-2024 11:16 PM - edited ‎04-14-2024 10:31 PM

The "wireless wps rogue client notify-min-deviation" and "wireless wps rogue ap notify-rssi-deviation" settings you mentioned are related to Rogue AP management on Cisco Catalyst 9800 Series Wireless Controllers. Let's break down what these settings do:

1. wireless wps rogue client notify-min-deviation: This setting configures the minimum RSSI (Received Signal Strength Indication) deviation threshold for rogue clients. RSSI is a measure of the power level received by the wireless client's antenna from an access point (AP). Setting a value here means that if the RSSI of a rogue client differs from the expected RSSI by at least this amount, a notification will be generated.

2. wireless wps rogue ap notify-rssi-deviation: This setting configures the RSSI deviation threshold for rogue access points. Similar to the client setting, it determines the minimum difference in RSSI that will trigger a notification for rogue APs.

The recommended value of 5 dB is suggesting that you set the threshold for rogue client and AP notifications to 5 dB. This means that if the measured RSSI of a rogue client or AP deviates from the expected RSSI by 5 dB or more, a notification will be generated.

Setting these thresholds helps to reduce unnecessary notifications by filtering out insignificant RSSI variations that might occur due to environmental factors or normal fluctuations in signal strength. By setting a threshold, you ensure that only significant deviations trigger alerts, thereby reducing noise and false positives in your Rogue AP management system.

In summary, by setting these values to 5 dB, you're essentially telling the system to only notify you when there's a substantial deviation in RSSI, which helps in better managing rogue APs and clients without being overwhelmed by irrelevant notifications.

Lee County Property Appraiser

Go to solution
jwikiera
Cisco Employee
Cisco Employee

‎09-03-2024 12:06 AM

if a Rogue AP / rogue client RSSI changes less than the configured threshold since the last telemetry update, then the change is stored by the wireless controller, but no immediate update is sent via the yang/netconf telemetry (used by Cisco Catalyst Center(DNA Center), PRIME) and to CMX (Cisco proprietary NMSP protocol). 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card