Cisco Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch Maintenance Manual
Wireless
Rogue AP Detection
Cisco WAP131 and WAP351 Administration Guide
81
5
•
TSPEC AP Inactivity Timeout—The amount of time for a WAP device to
detect a downlink traffic specification as idle before deleting it. The valid
integer range is from 0 to 120 seconds and the default is 30 seconds.
detect a downlink traffic specification as idle before deleting it. The valid
integer range is from 0 to 120 seconds and the default is 30 seconds.
•
TSPEC Station Inactivity Timeout—The amount of time for a WAP device
to detect an uplink traffic specification as idle before deleting it. The valid
integer range is from 0 to 120 seconds and the default is 30 seconds.
to detect an uplink traffic specification as idle before deleting it. The valid
integer range is from 0 to 120 seconds and the default is 30 seconds.
•
TSPEC Legacy WMM Queue Map Mode—Enables or disables the
intermixing of legacy traffic on queues operating as ACM. By default, this
mode is off.
intermixing of legacy traffic on queues operating as ACM. By default, this
mode is off.
STEP 6
Click Save. The changes are saved to the Startup Configuration.
NOTE
After new settings are saved, the corresponding processes may be stopped and
restarted. When this condition happens, the WAP device may lose connectivity. We
recommend that you change the WAP device settings when a loss of connectivity
will least affect your wireless clients.
restarted. When this condition happens, the WAP device may lose connectivity. We
recommend that you change the WAP device settings when a loss of connectivity
will least affect your wireless clients.
Rogue AP Detection
The Cisco WAP351 supports the Rogue AP detection feature. A Rogue AP is an
access point that has been installed on a secure network without explicit
authorization from a system administrator. Rogue APs pose a security threat
because anyone with access to the premises can ignorantly or maliciously install
an inexpensive wireless WAP device that can potentially allow unauthorized
parties to access the network.
access point that has been installed on a secure network without explicit
authorization from a system administrator. Rogue APs pose a security threat
because anyone with access to the premises can ignorantly or maliciously install
an inexpensive wireless WAP device that can potentially allow unauthorized
parties to access the network.
NOTE
The Rogue AP Detection feature is available only on the Cisco WAP351. The Cisco
WAP131 does not support Rogue AP Detection.
WAP131 does not support Rogue AP Detection.
The WAP device performs an RF scan on all channels to detect all APs in the
vicinity of the network. If rogue APs are detected, they are shown on the Rogue AP
Detection page. If an AP listed as a rogue is legitimate, you can add it to the Known
AP List.
vicinity of the network. If rogue APs are detected, they are shown on the Rogue AP
Detection page. If an AP listed as a rogue is legitimate, you can add it to the Known
AP List.
NOTE
The Detected Rogue AP List and Trusted AP List provide information that you can
use to take further action. The AP does not have any control over rogue APs on the
lists and cannot apply any security policies to APs detected through the RF scan.
use to take further action. The AP does not have any control over rogue APs on the
lists and cannot apply any security policies to APs detected through the RF scan.
When Rogue AP detection is enabled, the radio periodically switches from its
operating channel to scan other channels within the same band.
operating channel to scan other channels within the same band.