
What is the behavior of a user who connects to a honeypot SSID after installing the auto-containment WIPS feature?

riski.safaat
Level 1
I am currently testing the use of the auto-containment feature to detect honeypot threats. The feature is already running well, and the alarm can also detect if there is a malicious threat, but I am still confused about how a user behaves when connecting to the honeypot. Is the user still able to connect to the honeypot SSID but interrupted by an access point associated with the WLC, or should the user not be able to connect at all?

Because at this time, when I test, the user can still connect to the honeypot, but only intermittently.
If anyone understands this case, please help.
1 Reply

patoberli
VIP Alumni
See the answer here: https://community.cisco.com/t5/wireless-security-and-network/wlc-quot-rogue-containment-quot-what-does-it-actually-do/td-p/1012588
It looks like the APs near it will start to send de-authentication packets.
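
One way to confirm from a packet capture that containment deauthentication is what interrupts the client, as an added example that is not part of this thread or of Cisco's code: it parses bare 802.11 headers, picks out deauthentication frames (management type 0, subtype 12) for one BSSID, and reports the seconds in which they appear. The MAC addresses, timestamps and frames are constructed, and the capture is assumed to have radiotap headers and the FCS already stripped.

```python
import struct
from collections import Counter

DEAUTH_SUBTYPE = 12  # 802.11 management subtype for deauthentication


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != DEAUTH_SUBTYPE:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(dst), mac(src), mac(bssid), reason


def containment_summary(capture, suspect_bssid: str) -> dict:
    """capture: iterable of (timestamp_seconds, frame_bytes)."""
    per_second, targets = Counter(), Counter()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed and parsed[2] == suspect_bssid:
            per_second[int(ts)] += 1   # bursts vs. gaps over time
            targets[parsed[0]] += 1    # which receivers are being deauthenticated
    return {"total": sum(per_second.values()),
            "active_seconds": sorted(per_second),
            "targets": dict(targets)}


def _frame(fc0, dst, src, bssid, reason=1):
    """Build a constructed 26-byte test frame (not a real capture)."""
    b = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + b(dst) + b(src) + b(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))


# Constructed sample: locally administered MACs, invented timestamps.
SUSPECT, CLIENT, OTHER = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:bb"
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE = [(0.1, _frame(0xC0, CLIENT, SUSPECT, SUSPECT)),
          (0.4, _frame(0xC0, CLIENT, SUSPECT, SUSPECT)),
          (0.5, _frame(0x80, BCAST, SUSPECT, SUSPECT)),   # beacon-type frame, ignored
          (1.2, _frame(0xC0, CLIENT, SUSPECT, SUSPECT)),
          (2.0, _frame(0xC0, CLIENT, OTHER, OTHER)),      # different BSSID, ignored
          (5.3, _frame(0xC0, BCAST, SUSPECT, SUSPECT))]

if __name__ == "__main__":
    print(containment_summary(SAMPLE, SUSPECT))
```

Gaps between the active seconds are windows in which a client can associate again, which matches a connection that works only intermittently.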