Wifi AP bridges off WLC

paul-d
Level 1

Hi,

I have a pair of 9800 WLC's along with Prime Infrastructure Management,

Is it possible to find devices that have connected to my wifi and are bridging/rebroadcasting to another wifi network/SSID, in effect taking my wifi and rebroadcasting it as their own?

I know Prime has rogue network detection for devices broadcasting my LAN network, so I need the above specifically.

3 Replies

Scott Fella
Hall of Fame

If anyone is trying to do that, then you would see that in the rogue device list.  You would be able to identify those devices because multiple APs would see that device with a strong signal.  This is a way to determine if you have a rogue access point within your network.  Prime has a feature for tracking, but you have to have all your switches in Prime, and then it's typically an access point, not rebroadcasting.

Have you tested that scenario to see if it works when you try it?  I didn't think that would work, or at least not pass the traffic, unless you have passive client enabled, which allows for more than one MAC address on a connection.  This is used when folks are using virtual machines on their devices and require bridging.  This is not needed when NAT is used.

I think looking at the rogue device list is better because, depending on how the user is doing this, they might just NAT.

-Scott
*** Please rate helpful posts ***
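The "multiple APs see it with a strong signal" test from the reply above, plus a correlation against the associated-client table to find the client that is doing the rebroadcasting, as an added example. This is not Cisco code and not controller output: the detection and client records are constructed for illustration, the field layout is an assumption, and the MAC-adjacency rule (hotspot BSSID derived from the client's own MAC by setting the locally administered bit or using the neighbouring address) is a heuristic, not a controller feature.

```python
"""Triage rogue-AP detections against the associated-client table.

Added example for this thread; not Cisco code and not controller output.
Input layouts are constructed for illustration: on a real deployment you
would populate them from the controller's rogue-AP and client listings.
"""
from collections import defaultdict

# Constructed sample detections: (rogue BSSID, advertised SSID,
# detecting AP name, RSSI in dBm). One row per detecting AP.
ROGUE_DETECTIONS = [
    ("02:1a:2b:3c:4d:5f", "CorpWiFi",     "ap-floor2-east",  -48),
    ("02:1a:2b:3c:4d:5f", "CorpWiFi",     "ap-floor2-west",  -55),
    ("02:1a:2b:3c:4d:5f", "CorpWiFi",     "ap-floor3-east",  -67),
    ("a4:5e:60:11:22:33", "Bobs-iPhone",  "ap-floor1-north", -52),
    ("a4:5e:60:11:22:33", "Bobs-iPhone",  "ap-floor1-south", -61),
    ("f0:9f:c2:aa:bb:cc", "Neighbor-Net", "ap-floor1-north", -88),
]

# Constructed sample of clients associated to our WLANs: (client MAC, SSID, AP).
ASSOCIATED_CLIENTS = [
    ("00:1a:2b:3c:4d:5e", "CorpWiFi", "ap-floor2-east"),
    ("a4:5e:60:11:22:34", "CorpWiFi", "ap-floor1-north"),
    ("3c:22:fb:00:11:22", "CorpWiFi", "ap-floor3-east"),
]

OUR_SSIDS = {"CorpWiFi", "CorpGuest"}


def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def macs_related(client_mac: str, bssid: str) -> bool:
    """Heuristic (assumption, not a controller feature): a client that turns
    on a hotspot/bridge usually derives the AP-side BSSID from its own MAC,
    either by setting the locally administered bit (0x02 in the first octet)
    or by using the next/previous address. Treat both as a match."""
    la_bit = 0x02 << 40
    c = mac_to_int(client_mac) & ~la_bit
    b = mac_to_int(bssid) & ~la_bit
    return abs(c - b) <= 1


def triage(detections, clients, our_ssids, min_aps=2, rssi_threshold=-70):
    """Group detections per rogue BSSID and score each one.

    on_premises:     seen by at least `min_aps` of our APs at or above
                     `rssi_threshold` dBm (the "multiple APs, strong
                     signal" test from the reply).
    spoofs_our_ssid: advertises one of our SSIDs (evil twin / rebroadcast).
    matched_client:  MAC of an associated client whose address is related
                     to the rogue BSSID, i.e. the candidate bridging device.
    """
    by_bssid = defaultdict(list)
    for bssid, ssid, ap, rssi in detections:
        by_bssid[bssid].append((ssid, ap, rssi))

    results = []
    for bssid in sorted(by_bssid):
        rows = by_bssid[bssid]
        strong_aps = {ap for _, ap, rssi in rows if rssi >= rssi_threshold}
        ssids = {ssid for ssid, _, _ in rows}
        match = next((mac for mac, _, _ in clients if macs_related(mac, bssid)), None)
        results.append({
            "bssid": bssid,
            "ssids": sorted(ssids),
            "ap_count": len({ap for _, ap, _ in rows}),
            "strong_ap_count": len(strong_aps),
            "max_rssi": max(rssi for _, _, rssi in rows),
            "on_premises": len(strong_aps) >= min_aps,
            "spoofs_our_ssid": bool(ssids & our_ssids),
            "matched_client": match,
        })
    return results


def suspected_bridges(results):
    """Rogues worth chasing first: on our premises and tied to one of our clients."""
    return [r["bssid"] for r in results if r["on_premises"] and r["matched_client"]]


if __name__ == "__main__":
    report = triage(ROGUE_DETECTIONS, ASSOCIATED_CLIENTS, OUR_SSIDS)
    for r in report:
        print(r)
    print("suspected bridges:", suspected_bridges(report))
```

With the constructed data the two rogues seen by several APs at better than -70 dBm are both tied to an associated client by the MAC rule, and the first one also advertises a corporate SSID; the weak neighbour network is reported but not flagged. The RSSI threshold and minimum AP count are assumptions to tune per site, and a MAC match is only a lead: a rogue that uses NAT with an unrelated BSSID will still show up in the rogue list but will not correlate this way.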

Hi Scott,

Would that be rogue devices on the 9800 WLC or Prime?

Cheers, Chris 

Hi

Don't think you can identify it with Prime. If the device is connected to your wifi network, it is going to be seen as a legitimate device.

And to identify any device advertising your SSID, you need to enable it on the WLC to send a trap to Prime. You can eventually fight back by sending deauthentication packets with auto-containment, and the log will show in Prime.

wIPS is another option but cisco is no longer developing MSE.

Rogue Access Points is fairly trustworthy information because the rogue AP is unable to decrypt the hash sent by the other APs. So the WLC is able to identify which one is legitimate and which one is rogue.

You can enable it, in case you don't already, using:

(Cisco Controller) > config rogue ap rldp enable alarm-only monitor-ap-only

But for rogue clients, what you are going to see is a lot of false positives. Very hard to identify rogue clients due to the lack of trustworthy information exchange between clients and network.
