Cisco 5508 Wireless Controller Technical Reference
Rogue Management in a Unified Wireless Network using v7.4
Rogue Management Theory of Operation
Auto-Containment
In addition to manually initiating containment on a rogue device via PI or the WLC GUI, there is also
the ability to automatically launch containment under certain scenarios. This configuration is found
under General in the Rogue Policies section of the PI or controller interface. Each of these features is
disabled by default and should only be enabled to nullify the most damaging threats.
• Rogue on Wire – If a rogue device is identified to be attached to the wired network, then it is
automatically placed under containment.
• Using our SSID – If a rogue device is using an SSID which is the same as that configured on the
controller, it is automatically contained. This feature aims to address a honey-pot attack before it
causes damage.
• Valid client on Rogue AP – If a client listed in AAA is found to be associated with a rogue device,
containment is launched against that client only, preventing it from associating to any non-managed
AP.
• AdHoc Rogue AP – If an ad-hoc network is discovered, it is automatically contained.
Rogue Containment Caveats
• Because containment uses a portion of the managed AP's radio time to send the de-authentication
frames, performance for both data and voice clients is negatively impacted by up to 20%. For data
clients, the impact is reduced throughput. For voice clients, containment can cause interruptions in
conversations and reduced voice quality. To avoid the impact on data throughput and network service,
the administrator can limit the auto-containment action to Monitor mode APs only.
• Containment can have legal implications when launched against neighboring networks. Ensure that
the rogue device is within your network and poses a security risk before you launch the containment.