Cisco Cisco 5520 Wireless Controller Technical References
40
Rogue Management in a Unified Wireless Network using v7.4
Rogue Containment:
AP#show capwap ids rogue containment dot11Radio 0/1 chan
AP#debug capwap ids rogue containment address <mac add>
AP#debug capwap ids rogue containment
AP#show capwap ids rogue containment d0/d1 rad
Recommendations
• Initiate RLDP manually on suspicious rogue entries.
• Schedule RLDP periodically.
• If you have known rogue entries, add them to the friendly list or enable validation with AAA and make sure the known client entries are present in the AAA database.
• RLDP can be deployed on local or monitor mode APs. For the most scalable deployments, and to eliminate any impact on client service, RLDP should be deployed on monitor mode APs when possible. However, this recommendation requires that a monitor mode AP overlay be deployed, with a typical ratio of 1 monitor mode AP for every 5 local mode APs. APs in Adaptive wIPS monitor mode can also be leveraged for this task.
Rogue Detector AP
• The rogue entries held by a rogue detector can be seen with this command on the AP console. For wired rogues, the flag is set.
Rogue_Detector_5500#show capwap rm rogue detector
CAPWAP Rogue Detector Mode
Current Rogue Table:
Rogue hindex = 0: MAC 0023.ebdc.1ac6, flag = 0, unusedCount = 1
Rogue hindex = 2: MAC 0023.04c9.72b9, flag = 1, unusedCount = 1
!--- once the flag is set, rogue is detected on wire
Rogue hindex = 2: MAC 0023.ebdc.1ac4, flag = 0, unusedCount = 1
Rogue hindex = 3: MAC 0026.cb4d.6e20, flag = 0, unusedCount = 1
Rogue hindex = 4: MAC 0026.cb9f.841f, flag = 0, unusedCount = 1
Rogue hindex = 4: MAC 0023.04c9.72bf, flag = 0, unusedCount = 1
Rogue hindex = 4: MAC 0023.ebdc.1ac2, flag = 0, unusedCount = 1
Rogue hindex = 4: MAC 001c.0f80.d450, flag = 0, unusedCount = 1
Rogue hindex = 6: MAC 0023.04c9.72bd, flag = 0, unusedCount = 1
Useful debug Commands in an AP Console
• Simulate a rogue detector using the test command below.
• Verify the existence of the wireless rogue MAC e804.620a.b66b on the WLC that the rogue detector has joined. The wired rogue MAC address used in the test is e804.620a.b66c. Run the debug followed by the test command.
Rogue_Detector#debug capwap rm rogue detector
*Jun 18 08:37:59.747: ROGUE_DET: Received a rogue table update of length 170
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1ac4
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1ac5
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1aca
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1acb
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1acc
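The rogue table and the ROGUE_DET debug lines above are plain console text, and the event a defender actually wants surfaced is the flag transition from 0 to 1, i.e. a rogue MAC confirmed on the wired network. The Python parser below is an added example and not part of the Cisco document: it parses `show capwap rm rogue detector` output keyed by MAC (several entries share an hindex in the sample, so the MAC is the stable key), lists the rogues whose flag is set, diffs two snapshots to report rogues newly confirmed on the wire, and extracts the MACs from the `Got wired mac` debug lines. The sample text is constructed from the page's own excerpts, and the function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Matches one entry of the rogue table printed by `show capwap rm rogue detector`.
ROGUE_LINE = re.compile(
    r"Rogue hindex = (?P<hindex>\d+): MAC (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}), "
    r"flag = (?P<flag>\d+), unusedCount = (?P<unused>\d+)"
)
# Matches the per-MAC lines printed by `debug capwap rm rogue detector`.
WIRED_MAC_LINE = re.compile(
    r"ROGUE_DET: Got wired mac (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"
)


@dataclass(frozen=True)
class RogueEntry:
    hindex: int
    mac: str
    flag: int
    unused_count: int

    @property
    def on_wire(self) -> bool:
        # Per the document: once the flag is set, the rogue has been detected on the wire.
        return self.flag == 1


def parse_rogue_table(text: str) -> Dict[str, RogueEntry]:
    """Parse rogue table output into a dict keyed by MAC (hindex values repeat)."""
    table: Dict[str, RogueEntry] = {}
    for line in text.splitlines():
        m = ROGUE_LINE.search(line)
        if m:
            table[m["mac"]] = RogueEntry(
                int(m["hindex"]), m["mac"], int(m["flag"]), int(m["unused"])
            )
    return table


def wired_rogues(text: str) -> List[str]:
    """Sorted MACs whose flag is set, i.e. rogues confirmed on the wired network."""
    return sorted(mac for mac, e in parse_rogue_table(text).items() if e.on_wire)


def newly_wired(before: str, after: str) -> List[str]:
    """MACs that were not flagged on-wire in the earlier snapshot but are now.

    Polling the command and feeding consecutive snapshots here turns the
    flag transition into a discrete alert instead of something read by eye.
    """
    already = set(wired_rogues(before))
    return [mac for mac in wired_rogues(after) if mac not in already]


def wired_macs_from_debug(text: str) -> Set[str]:
    """MACs named in 'Got wired mac' lines of the rogue detector debug output."""
    macs: Set[str] = set()
    for line in text.splitlines():
        m = WIRED_MAC_LINE.search(line)
        if m:
            macs.add(m["mac"])
    return macs


# Constructed sample input, assembled from the excerpts shown on the page.
SAMPLE_TABLE = """\
CAPWAP Rogue Detector Mode
Current Rogue Table:
Rogue hindex = 0: MAC 0023.ebdc.1ac6, flag = 0, unusedCount = 1
Rogue hindex = 2: MAC 0023.04c9.72b9, flag = 1, unusedCount = 1
Rogue hindex = 2: MAC 0023.ebdc.1ac4, flag = 0, unusedCount = 1
Rogue hindex = 3: MAC 0026.cb4d.6e20, flag = 0, unusedCount = 1
"""
# Earlier snapshot (constructed): the same table before the wired flag was set.
EARLIER_TABLE = SAMPLE_TABLE.replace("0023.04c9.72b9, flag = 1", "0023.04c9.72b9, flag = 0")
SAMPLE_DEBUG = """\
*Jun 18 08:37:59.747: ROGUE_DET: Received a rogue table update of length 170
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1ac4
*Jun 18 08:37:59.747: ROGUE_DET: Got wired mac 0023.ebdc.1ac5
"""

if __name__ == "__main__":
    print("on wire now:", wired_rogues(SAMPLE_TABLE))
    print("newly on wire:", newly_wired(EARLIER_TABLE, SAMPLE_TABLE))
    print("debug wired MACs:", sorted(wired_macs_from_debug(SAMPLE_DEBUG)))
```

Feed the parser the output of the show command captured on a schedule and keep the previous capture; `newly_wired` then yields exactly the MACs whose flag flipped since the last poll, which is the list worth raising to the SOC or cross-checking against the friendly list before any containment decision.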