09-18-2023 01:55 PM
Hi All,
I’m looking for some advice on how to set up a way to detect and alarm (snmp/email/or applet) for when a rogue is detected that uses the same SSID as one of the WLANs on my network.
I essentially want the feature listed in the auto contain called “Using our SSID” but rather than try countermeasures, it generates a message so we can actually investigate. (Auto containment is illegal. I believe the function actually doesn’t run based on our country code.)
I am using IOS XE
As a bit of context, this is for a public facility in a busy area so I see hundreds of rogue networks. What happens from time to time is someone will broadcast the same SSID (malicious or just stupidity) as one of the WLANs we have on our system so it causes client problems. I want to get an email when the system sees it so I go and investigate it.
Thank you!!
09-19-2023 02:35 AM
> ... when a rogue is detected that uses the same SSID as one of the wlans on my network.
- You should focus on rogue detection in general: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/managing-rogue-devices.html
M.
10-04-2023 09:30 AM
Thanks for your input. I figured out a way to get it to work how I want. I am not using any monitor mode APs so I set the system to Auto Contain for any SSID detected that I have and set the auto containment to use monitor mode APs only. This puts any rogue that matches an SSID on my system into Containment Pending. From there in PI I was able to set up an alarm for rogues in containment to email me. In testing it, if I set a hotspot or SOHO wireless router to have the same SSID as one that exists on my network it is within 5 minutes that I get an email alarm. Logging into the WLC, it is easy to see what SSID and the detecting APs are seeing it... Now if I was able to apply some AI to detect similar looking SSIDs....
Thank you again,
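
The closing wish in the post above, flagging SSIDs that only look like a managed one, can be approximated without AI by normalizing names and comparing edit distance. This is an added example, not part of the original thread or of any Cisco tooling; the SSIDs, BSSIDs and function names are constructed, and it assumes the rogue list has already been exported as (SSID, BSSID) pairs.

```python
import unicodedata

# Constructed sample data: managed WLAN SSIDs and rogue (SSID, BSSID) pairs.
MANAGED_SSIDS = ["Facility-Guest", "Facility-Staff"]
ROGUES = [
    ("Facility-Guest", "02:00:00:00:00:01"),       # exact copy
    ("Faci1ity-Guest", "02:00:00:00:00:02"),       # digit 1 in place of l
    ("facility guest ", "02:00:00:00:00:03"),      # case, separator, trailing space
    ("Facility-Gu\u0435st", "02:00:00:00:00:04"),  # Cyrillic letter in place of Latin e
    ("CoffeeShop-WiFi", "02:00:00:00:00:05"),      # unrelated neighbour
]

# Common digit/symbol substitutions folded to the letter they imitate.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def normalize(ssid):
    """Fold case, compatibility forms, look-alike digits and separators."""
    text = unicodedata.normalize("NFKC", ssid).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in text if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(rogue_ssid, managed=MANAGED_SSIDS, max_distance=1):
    """Return ("exact" | "lookalike", managed SSID), or None if unrelated."""
    if rogue_ssid in managed:
        return ("exact", rogue_ssid)
    norm = normalize(rogue_ssid)
    for ssid in managed:
        if edit_distance(norm, normalize(ssid)) <= max_distance:
            return ("lookalike", ssid)
    return None

def alerts(rogues=ROGUES):
    """List (bssid, rogue SSID, match kind, managed SSID) for rogues to review."""
    hits = []
    for ssid, bssid in rogues:
        match = classify(ssid)
        if match:
            hits.append((bssid, ssid) + match)
    return hits

if __name__ == "__main__":
    for hit in alerts():
        print(hit)
```

With `max_distance=1` a single substituted, added or dropped character still matches; raising it widens the net and, in a venue with hundreds of neighbouring networks, the false-positive rate with it.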
08-19-2024 03:51 AM
Hello Alex-Pr,
Have you found a solution for this? I could not find an exit I was looking for
08-19-2024 04:02 AM
I'm looking for some advice on how to set up a method (snmp/email/or applet) to detect a rogue using the same SSID as one of the WLANs on my network and block or alarm him.