Cisco 5508 Wireless Controller Technical References

Rogue Management in a Unified Wireless Network using v7.4
 
A containment initiated on a rogue AP with client(s) will use de-authentication frames sent to the 
broadcast address and to the client(s) address:
 
Containment packets are sent at the power level of the managed AP and at the lowest enabled data rate.
A monitor mode AP sends a minimum of 2 containment packets every 100 ms:
 
Note
From release 6.0, containment performed by non-monitor mode APs is sent at an interval of 500 ms 
instead of the 100 ms interval used by monitor mode APs. Also, starting from 7.0.116, containment 
traffic from monitor mode APs uses only unicast de-authentication frames and no longer uses 
broadcast de-authentication. Local mode and ELM mode APs still use a mixture of broadcast and 
unicast de-authentication packets.
An individual rogue device can be contained by 1 to 4 managed APs which work in conjunction to 
mitigate the threat temporarily.
Containment can be performed using local mode, ELM mode, monitor mode and FLEXCONNECT 
(Connected) mode APs. For local (and ELM) mode of FLEXCONNECT APs, a maximum of three 
rogue devices per radio can be contained. For monitor mode APs, a maximum of six rogue devices 
per radio can be contained.
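
The limits above determine how many rogues a deployment can contain at once. The following capacity check is an added example, not Cisco code: the `Radio` model, the function names, the strongest-RSSI-first selection policy and the treatment of FlexConnect radios like local/ELM radios are assumptions, and the sample inventory is constructed.

```python
from dataclasses import dataclass, field

# Per-radio containment limits and intervals as stated in the text above.
# Treating FlexConnect like local/ELM (3 per radio, 500 ms) is an assumption.
MAX_ROGUES_PER_RADIO = {"monitor": 6, "local": 3, "elm": 3, "flexconnect": 3}
INTERVAL_MS = {"monitor": 100, "local": 500, "elm": 500, "flexconnect": 500}
MIN_APS, MAX_APS = 1, 4  # a rogue can be contained by 1 to 4 managed APs


@dataclass
class Radio:  # hypothetical model of one managed AP radio
    name: str
    mode: str
    contained: list = field(default_factory=list)

    def has_room(self):
        return len(self.contained) < MAX_ROGUES_PER_RADIO[self.mode]


def plan_containment(radios, rogues, aps_per_rogue=1):
    """rogues: [(bssid, {radio_name: rssi_dbm})] in priority order.
    Returns {bssid: [radio names]}; an empty list means no capacity was left."""
    if not MIN_APS <= aps_per_rogue <= MAX_APS:
        raise ValueError("aps_per_rogue must be between 1 and 4")
    by_name = {r.name: r for r in radios}
    plan = {}
    for bssid, heard_by in rogues:
        # Assumed policy: prefer the radios that hear the rogue best.
        ranked = sorted(heard_by, key=heard_by.get, reverse=True)
        chosen = [n for n in ranked if by_name[n].has_room()][:aps_per_rogue]
        for n in chosen:
            by_name[n].contained.append(bssid)
        plan[bssid] = chosen
    return plan


def fastest_interval_ms(plan, radios):
    """Shortest containment interval each rogue receives, None if uncontained."""
    mode = {r.name: r.mode for r in radios}
    return {b: min((INTERVAL_MS[mode[n]] for n in names), default=None)
            for b, names in plan.items()}


def demo():
    # Constructed sample: one monitor radio, one local radio, ten rogues heard by both.
    radios = [Radio("ap1-mon", "monitor"), Radio("ap2-local", "local")]
    rogues = [(f"02:00:00:00:00:{i:02x}", {"ap1-mon": -50, "ap2-local": -60})
              for i in range(10)]
    plan = plan_containment(radios, rogues)
    return plan, fastest_interval_ms(plan, radios)
```

With the constructed inventory, the monitor radio fills at six rogues, the local radio at three, and the tenth rogue is left without a containing AP.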