Cisco 5508 Wireless Controller Technical Reference
Rogue Management in a Unified Wireless Network using v7.4
Caveats of RLDP
• RLDP only works with open rogue APs broadcasting their SSID with authentication and encryption
  disabled.
• RLDP requires that the Managed AP acting as a client is able to obtain an IP address via DHCP on
  the rogue network.
• Manual RLDP can be used to attempt an RLDP trace on a rogue multiple times.
• During the RLDP process, the AP is unable to serve clients. This negatively impacts performance
  and connectivity for local mode APs. To avoid this, RLDP can be selectively enabled for
  Monitor Mode APs only.
• RLDP does not attempt to connect to a rogue AP operating in a 5 GHz DFS channel.
Switch Port Tracing
Switch port tracing is a rogue AP mitigation technique first implemented in the 5.1 release; with
MSE 7.3 and PI 1.2 it evolved into Auto Switch Port Tracing. Although switch port tracing is initiated at
the PI, it uses both CDP and SNMP information to track a rogue down to a specific port in the
network. For switch port tracing to run, all switches in the network must be added to the PI with
SNMP credentials. Read-only credentials are enough to identify the port the rogue is on, while
read-write credentials also allow the PI to shut the port down, thus containing the threat. At this time,
this feature works only with Cisco switches that run IOS with CDP enabled, and CDP must also be
enabled on the Managed APs.
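A simplified model of the tracing idea described above, added here as an illustration; it is not Prime Infrastructure's actual algorithm or Cisco code. The switch names, ports, MAC address and the functions `trace_port` and `plan_action` are constructed for the example, and the two tables stand in for CDP neighbor and MAC address table data that would be read over SNMP.

```python
# Constructed sample data standing in for what SNMP polling would return.
# CDP neighbors per switch: local port -> neighboring device name.
CDP = {
    "sw-core": {"Gi1/0/1": "sw-access1", "Gi1/0/2": "sw-access2"},
    "sw-access1": {"Gi0/24": "sw-core", "Gi0/1": "ap-managed-1"},
    "sw-access2": {"Gi0/24": "sw-core"},
}
# MAC address table per switch: learned MAC -> port it was learned on.
MAC_TABLE = {
    "sw-core": {"00:11:22:33:44:55": "Gi1/0/2"},
    "sw-access1": {"00:11:22:33:44:55": "Gi0/24"},
    "sw-access2": {"00:11:22:33:44:55": "Gi0/7"},
}


def trace_port(rogue_mac, detecting_ap):
    """Follow rogue_mac hop by hop until it sits on a port with no switch behind it."""
    # Start at the switch that sees the detecting Managed AP as a CDP neighbor.
    switch = next((s for s, n in CDP.items() if detecting_ap in n.values()), None)
    visited = set()
    while switch is not None and switch not in visited:
        visited.add(switch)  # guard against topology loops
        port = MAC_TABLE.get(switch, {}).get(rogue_mac)
        if port is None:
            return None  # MAC not learned here: rogue is not on this wire
        neighbor = CDP[switch].get(port)
        if neighbor not in CDP:
            return (switch, port)  # edge port: no known switch behind it
        switch = neighbor  # inter-switch link: keep walking
    return None


def plan_action(location, snmp_access):
    """Read-only access can only report the port; read-write can also shut it."""
    if location is None:
        return "not found on wired network"
    switch, port = location
    if snmp_access == "rw":
        return f"shut down {switch} {port}"
    return f"report {switch} {port}"


if __name__ == "__main__":
    found = trace_port("00:11:22:33:44:55", "ap-managed-1")
    print(plan_action(found, "ro"))
    print(plan_action(found, "rw"))
```

The walk only works where every hop exposes both tables, which is why each switch must be added with SNMP credentials and have CDP enabled.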