Cisco Cisco 5508 Wireless Controller Referências técnicas
14
Rogue Management in a Unified Wireless Network using v7.4
Rogue Classification Rules
Rogue classification rules, introduced in the 5.0 release, allow you to define a set of conditions that mark
a rogue as either malicious or friendly. This feature is revamped on 7.4 by adding Custom, Policy-based
Rogue Classification Rule. This allow WLC to create custom-defined Rogue list, with custom severity
level, ranging from 1 to 100. Hence, in addition to Malicious and Friendly rule, Administrator can add
Custom Rogue Rule that custom defines Rogue’s character such as Internal/External/Alert/Contain.
Among these four classifications, Contain type defines auto containment action, based on this rogue
filter rule. Once certain Rogue device is classified as “contain” as its notification type, neighboring APs
immediately contains such Rogue devices. These rules are configured at the PI or the WLC, but they are
always performed on the controller as new rogues are discovered.
a rogue as either malicious or friendly. This feature is revamped on 7.4 by adding Custom, Policy-based
Rogue Classification Rule. This allow WLC to create custom-defined Rogue list, with custom severity
level, ranging from 1 to 100. Hence, in addition to Malicious and Friendly rule, Administrator can add
Custom Rogue Rule that custom defines Rogue’s character such as Internal/External/Alert/Contain.
Among these four classifications, Contain type defines auto containment action, based on this rogue
filter rule. Once certain Rogue device is classified as “contain” as its notification type, neighboring APs
immediately contains such Rogue devices. These rules are configured at the PI or the WLC, but they are
always performed on the controller as new rogues are discovered.
This Rogue Rule is also applied on Ad-hoc Rogue devices.
Malicious and Custom type Rogue classification can have containment option.
Procedure to add custom rule with containment action:
Step 1
Create Rogue Rule with Containment Action.
Rule Type
Notify/Action
Custom
Severity
Severity
Friendly
•
Alert
•
Internal
•
External
No
Malicious
•
Alert
•
Contain
No
Custom
•
Alert
•
Contain
Yes (Scale
from 1 to 100)
from 1 to 100)