Cisco 5508 Wireless Controller Technical Reference

Rogue Management in a Unified Wireless Network using v7.4
 
  Rogue Management Theory of Operation
Rogue IP address
First and last time the rogue is reported
Channel width
Exporting Rogue Events
In order to export rogue events to a third-party Network Management System (NMS) for archival, the 
WLC permits additional SNMP trap receivers to be added. When a rogue is detected or cleared by the 
controller, a trap containing this information is communicated to all SNMP trap receivers. One caveat 
with exporting events via SNMP is that if multiple controllers detect the same rogue, the NMS sees 
duplicate events, because correlation is only done at PI.
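One way an NMS can compensate for the duplicate-event caveat above is to correlate traps by rogue MAC itself. This is an added example, not part of the Cisco document; the event tuple layout, controller names and MAC addresses are constructed assumptions, and the fields are assumed to be already decoded from the trap.

```python
from dataclasses import dataclass, field

@dataclass
class RogueRecord:
    mac: str
    first_seen: int
    last_seen: int
    reporters: set = field(default_factory=set)  # controllers still reporting it

def correlate(events):
    """Collapse per-controller rogue traps into one record per rogue MAC.

    events: (timestamp, controller, rogue_mac, kind), kind is "detected" or
    "cleared" (hypothetical layout). Returns (active, alerts, suppressed).
    """
    active, alerts, suppressed = {}, [], 0
    for ts, wlc, mac, kind in sorted(events):
        mac = mac.lower().replace("-", ":")  # one key regardless of notation
        rec = active.get(mac)
        if kind == "detected":
            if rec is None:
                rec = active[mac] = RogueRecord(mac, ts, ts)
                alerts.append((ts, "NEW", mac))
            else:
                suppressed += 1  # another controller (or a repeat) saw a known rogue
            rec.reporters.add(wlc)
            rec.last_seen = max(rec.last_seen, ts)
        elif kind == "cleared" and rec is not None:
            rec.reporters.discard(wlc)
            rec.last_seen = max(rec.last_seen, ts)
            if not rec.reporters:  # gone only when every controller cleared it
                del active[mac]
                alerts.append((ts, "GONE", mac))
    return active, alerts, suppressed

# Constructed sample: two controllers report the same rogue in different notation.
SAMPLE = [
    (100, "wlc-a", "02:00:00:AA:BB:CC", "detected"),
    (105, "wlc-b", "02-00-00-aa-bb-cc", "detected"),
    (110, "wlc-a", "02:00:00:aa:bb:dd", "detected"),
    (400, "wlc-a", "02:00:00:aa:bb:cc", "cleared"),  # wlc-b still hears it
    (900, "wlc-b", "02:00:00:aa:bb:cc", "cleared"),
]

if __name__ == "__main__":
    active, alerts, suppressed = correlate(SAMPLE)
    print(alerts, sorted(active), suppressed)
```

Five raw traps become three alerts: the second controller's detection is suppressed, and the rogue is reported as gone only after the last reporting controller clears it.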
Rogue Record Timeout
Once a rogue AP has been added to the WLC's records, it will remain there until it is no longer seen. 
After a user-configurable timeout (1200 seconds default, configurable from 120 to 3600 sec.), a rogue 
in the “Unclassified” category is aged out. Rogues in other states such as “Contained” and “Friendly” 
will persist so that the appropriate classification is applied to them if they reappear.
There is a maximum database size for rogue records that is variable across controller platforms:

                8500/7500   5760    WISM2   5508   vWLC   2504
Rogue AP        24000       12000   4000    2000   800    2000
Rogue Client    32000       12000   5000    2500   1500   2500

The maximum number of rogue clients per AP is increased from 16 to 256 as of release 7.4.
Rogue Classification
By default, all rogues that are detected by the Cisco UWN are considered Unclassified. As depicted in 
the graphic below, rogues can be classified on a number of criteria, including RSSI, SSID, duration, 
security type, on/off network, and number of clients: