Cisco 5508 Wireless Controller Technical Reference
Rogue Management in a Unified Wireless Network using v7.4
Rogue Detector AP
A rogue detector AP correlates rogue information heard over the air with ARP information
obtained from the wired network. A positive match is based on the wired and wireless MAC addresses,
with a difference of +1/-1. If a MAC address is heard over the air as a rogue AP or client and is also
heard on the wired network, then the rogue is determined to be on the wired network. If the rogue is
detected to be on the wired network, then the alarm severity for that rogue AP is raised to “Critical”.
Note that a rogue detector AP is not successful at identifying rogue clients behind a device using NAT.
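The wired/wireless correlation described above, sketched as an added example (this is not Cisco's implementation). It assumes the +1/-1 difference is taken over the whole 48-bit address; the function names and all MAC addresses are constructed for illustration.

```python
# Added example: constructed MAC addresses, not taken from any real network.
MAC_SPACE = 1 << 48

def mac_to_int(mac):
    """Accept colon, dash or Cisco dotted notation; return a 48-bit integer."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def int_to_mac(value):
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def correlate(rogue_macs, arp_macs):
    """Map each over-the-air rogue MAC to its wired match, if any.

    Assumption: the +1/-1 difference is taken over the whole 48-bit address.
    """
    wired = {mac_to_int(m) for m in arp_macs}
    result = {}
    for rogue in rogue_macs:
        air = mac_to_int(rogue)
        hit = None
        for delta in (0, -1, 1):          # exact match first, then neighbours
            candidate = air + delta
            if 0 <= candidate < MAC_SPACE and candidate in wired:
                hit = (int_to_mac(candidate), delta)
                break
        result[int_to_mac(air)] = {
            "on_wire": hit is not None,
            "wired_mac": hit[0] if hit else None,
            "delta": hit[1] if hit else None,
            # The page raises severity to "Critical" only for on-wire rogues.
            "severity": "Critical" if hit else None,
        }
    return result

# Constructed sample data: MACs heard over the air and MACs learned from ARP.
ROGUES_HEARD = ["02:00:5e:10:00:56", "0200.5e10.01ff", "02:00:5e:10:09:00"]
ARP_SEEN = ["02-00-5e-10-00-55", "02:00:5e:10:02:00", "02:00:5e:10:09:02"]

if __name__ == "__main__":
    for mac, verdict in correlate(ROGUES_HEARD, ARP_SEEN).items():
        print(mac, verdict)
```

The third sample rogue differs from the nearest wired MAC by 2, so it stays unmatched and its severity is not raised.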
Scalability Considerations
A rogue detector AP can detect up to 500 rogues and 500 rogue clients. If the rogue detector is placed
on a trunk with too many rogue devices, then these limits might be exceeded, which causes issues. In
order to prevent this from occurring, keep rogue detector APs at the distribution or access layer of
your network.
RLDP
The aim of RLDP is to determine whether a specific rogue AP is connected to the wired infrastructure.
This feature essentially uses the closest Unified AP to connect to the rogue device as a wireless client.
After connecting as a client, a packet is sent with the destination address of the WLC to assess whether
the AP is connected to the wired network. If the rogue is detected to be on the wired network, then the
alarm severity for that rogue AP is raised to critical.