Selective rogue auto-containment

Mirek_Tichy
Level 1

9800-40, 17.12.3, 1000 AP, 4 sites

I would like all APs to detect rogues but only a subset of them to perform rogue containment. For example, one site is more open and public, so we are not allowed to contain rogues there, while another one is closed and private and containment can be performed.

The only thing I can do is disable rogue detection in the AP join profile. I would like to keep detection but not contain.

Is there any way to do it?

Mirek

4 Replies

marce1000
VIP

- FYI: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/rogue-per-ap.html

> ...Rogue detection is configured per AP or for a group of APs. The rogue AP detection is configured under the AP profile. The rogue AP detection configuration is enabled by default and is part of the default AP profile.

Check the entire document too.

M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

THX, but my original question was: "How to configure a subset of APs to keep rogue detection but not participate in the autocontainment"

MiTi

Haydn Andrews
VIP Alumni

Be careful with containment! There are large fines if used incorrectly: https://edition.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/index.html 

You want to make sure the rogue is within your network and an actual threat, not someone's hotspot or a neighbouring company's wireless network.

The other thing is it will tax your AP whilst containing it.

Catalyst Centre has a really nice rogue rule set that enables you to filter the rogues and also do things like create the rules in an easy GUI format.

I would recommend only containing rogues where they are honey pots (using your SSIDs) or a rogue on the wire:
Rogue on wire: 

A "Rogue AP on wire" is an unauthorised access point that is physically connected to the wired network infrastructure without authorization or approval. This type of rogue access point is particularly concerning because it can be used to bypass security controls and provide an attacker with a direct connection to the wired network.


A rogue AP on wire can be intentionally or accidentally connected to the wired network by an employee, contractor, or malicious actor. Once connected, the rogue AP can provide unauthorised wireless access to the network, potentially allowing an attacker to compromise sensitive data or resources.

Honeypot: 

A rogue access point (AP) that mimics a legitimate AP in order to intercept and manipulate network traffic.

 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
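As an added, illustrative example (not Cisco's code and not posted in this thread), the decision logic below applies Haydn's rule together with the original per-site requirement: a rogue is only a containment candidate if it is a honeypot (advertising one of your SSIDs) or on the wire, and only when it was detected at a site where containment is permitted. The site names, SSIDs, record fields and sample detections are all constructed for the example.

```python
from dataclasses import dataclass

# Constructed site policy mirroring the question: containment is only
# permitted in the closed, private office, never at the public site.
CONTAINMENT_ALLOWED = {"closed-office": True, "public-site": False}

# Constructed set of the organisation's own SSIDs; a rogue advertising one
# of these is treated as a honeypot.
OWN_SSIDS = {"CorpWiFi", "CorpGuest"}

@dataclass(frozen=True)
class Rogue:
    bssid: str
    ssid: str
    site: str        # site of the AP that detected the rogue (hypothetical field)
    on_wire: bool    # True if the rogue's MAC was also seen on the wired side
    rssi: int

def _norm(ssid: str) -> str:
    # Fold case and whitespace so look-alike SSIDs ("corpwifi ") still match.
    return "".join(ssid.split()).casefold()

def classify(rogue: Rogue) -> str:
    """Return 'on-wire', 'honeypot' or 'external'."""
    if rogue.on_wire:
        return "on-wire"
    if _norm(rogue.ssid) in {_norm(s) for s in OWN_SSIDS}:
        return "honeypot"
    return "external"   # neighbour WLAN or personal hotspot: detect, never contain

def should_contain(rogue: Rogue, policy=CONTAINMENT_ALLOWED) -> bool:
    """Contain only real threats, and only where the site policy allows it."""
    site_ok = policy.get(rogue.site, False)   # unknown site: default deny
    return site_ok and classify(rogue) in ("on-wire", "honeypot")

def plan(rogues, policy=CONTAINMENT_ALLOWED):
    """Map BSSID -> (class, contain?) for a batch of detected rogues."""
    return {r.bssid: (classify(r), should_contain(r, policy)) for r in rogues}

# Constructed sample detections.
SAMPLE = [
    Rogue("00:11:22:33:44:01", "corpwifi ", "closed-office", False, -55),  # honeypot, closed site
    Rogue("00:11:22:33:44:02", "CorpWiFi", "public-site", False, -60),     # honeypot, public site
    Rogue("00:11:22:33:44:03", "Bobs-Phone", "closed-office", False, -70),  # hotspot: external
    Rogue("00:11:22:33:44:04", "Printer", "closed-office", True, -45),      # on the wire
    Rogue("00:11:22:33:44:05", "CorpGuest", "unknown-site", False, -50),    # unknown site: deny
]

if __name__ == "__main__":
    for bssid, (cls, contain) in plan(SAMPLE).items():
        print(f"{bssid}  {cls:9}  contain={contain}")
```

Only the first and fourth sample rogues end up as containment candidates; the rest are still detected and reported but left alone.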

Mirek_Tichy
Level 1

Thanks Haydn, it's clear. That is just the reason why we want to do it selectively, strictly in closed company offices, but we want to keep monitoring the other areas.

Mirek
