04-01-2012 02:43 AM - edited 07-03-2021 09:55 PM
I am managing wireless network in a convention centre which has almost 2000 APs and 28 WLCs. RF ID and location tracking enabled. In WLC I can see 500+ rogues getting detected in each WLC in different mac address. Few of these mac I can trnasilate into vendors and few of them I cant. Most of this mac addresses ends in 40:00. Any idea wht is these rogues are as they have a particular pattern in their mac address. Is this can be something like a fake AP attack ? Attaching a screenshot. Details of almost all of this rogue in WLC is shown as Unknown.
04-07-2012 04:22 AM
Atlast cisco conformed this is a bug in WLC code.
CSCtr91576 | AP 3502 in Monitor mode reports false rogues. |
Initially cisco pointed a possible fake AP attack in the network and later (after 4 days ) they corrected it as a bug in their code.
We had spend atleast 30 hours on phone with Cisco TAC and escalation for this conformation.
Worst part was Cisco MSE locating these bugs on the map.
04-09-2012 01:34 AM
oops, 30 hours spent and it was a bug! 0_o
Such bugs just waste of time!!
Jibin: The bug seen to be hitting 7.0.116.0. It should be fixed in later versions than 7.0.116.0.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide