Wireless Rogue Same SSID detection and reporting

Alex-Pr · ‎09-18-2023

Hi All,

I’m looking for some advice on how to setup a way to detect and alarm (snmp/email/or applet) for when a rogue is detected that uses the same SSID as one of the wlans on my network.

I essentially want the feature listed in the auto contain called “Using our SSID” but rather then try countermeasures, it generates a message so we can actually investigate. (auto containment is illegal. I believe the function actually doesn’t run based on our country code).

I am using IOS XE

As a bit of context, this is for a public facility in a busy area so I see hundreds of rogue networks. What happens from time to time is someone will broadcast the same SSID (malicious or just stupidity) as one of the WLANs we have on our system so it causes client problems. I want to get an email when the system sees it so I go an investigate it.

Thanks you!!

marce1000 · ‎09-19-2023

>... when a rogue is detected that uses the same SSID as one of the wlans on my network.
- You should focus on rogue detection in general : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/managing-rogue-devices.html

Also consider https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/managing-rogue-devices.html#id_136347

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !