Cisco Cisco 5508 Wireless Controller Referencia técnica
8
Rogue Management in a Unified Wireless Network using v7.4
Rogue Identification
If probe response or beacons from a rogue device are heard by either local mode, FlexConnect mode, or
monitor mode APs, then this information is communicated via CAPWAP to the Wireless LAN controller
(WLC) for processing. Rogue device can be identified regardless of its SSID is broadcast or not. In order
to prevent false positives, a number of methods are used to ensure that other managed Cisco-based APs
are not identified as a rogue device. These methods include mobility group updates, RF neighbor
packets, and white listing autonomous APs via Cisco Prime Infrastructure (PI).
monitor mode APs, then this information is communicated via CAPWAP to the Wireless LAN controller
(WLC) for processing. Rogue device can be identified regardless of its SSID is broadcast or not. In order
to prevent false positives, a number of methods are used to ensure that other managed Cisco-based APs
are not identified as a rogue device. These methods include mobility group updates, RF neighbor
packets, and white listing autonomous APs via Cisco Prime Infrastructure (PI).
Rogue Records
While the controller’s database of rogue devices contains only the current set of detected rogues, the
Cisco PI also includes an event history and logs rogues that are no longer seen.
Cisco PI also includes an event history and logs rogues that are no longer seen.
Rogue Details
A CAPWAP AP goes off-channel for 50ms in order to listen for rogue clients, monitor for noise, and
channel interference. Any detected rogue clients or APs are sent to the controller, which gathers the
following information:
channel interference. Any detected rogue clients or APs are sent to the controller, which gathers the
following information:
•
The rogue AP's MAC address
•
Name of the AP detected rogue
•
The rogue connected client(s) MAC address
•
Whether the frames are protected with WPA or WEP
•
The preamble
•
The Signal-to-Noise Ratio (SNR)
•
The Receiver Signal Strength Indicator (RSSI)
•
Channel of Rogue detection
•
Radio in which rogue is detected
•
Rogue SSID (if the rogue SSID is broadcasted)