Cisco :: 5508 / Rogue AP Detection On WLC?
Apr 24, 2012
I have a 5508 controller with 70 AP's ( a mix of 1131 and 1142). On the Monitor tab I can see under the Rogue Summary numerous "Rogue AP's" as well as the clients associated to these AP's. There are no Rogue AP's on my wired network according to the report. My question is this: What actions should I take regarding these "Roague AP's"? Many of them appear to be just other AP's in the residential area near by. I know I can take action to classify them as Friendly or Malicious as well as Internal or External, but what benefit is there to doing this? Will taking these actions keep my AP's from scanning off channel for Rogues? I read that if a "Rogue AP" is not on the wired network that is really is not considered a threat. Any Cisco best practices regarding how to handle detected Rogue AP's ?
View 4 Replies
ADVERTISEMENT
Mar 18, 2012
We have recently deployed a wlc5508 & some 40+ 3502i APs at the location.In the wlc I notice quite a few "rogue AP" listed with ssid's.
Is there a way within the wcs or wlc to determine better if any of these rogue AP are on my Lan?If I can locate the mac address of the ethernet port on the rogue AP I can track the port down on the appropriate switch & shut it down.
View 7 Replies
View Related
May 28, 2012
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
View 9 Replies
View Related
Oct 31, 2012
I have the wireless controller 5508 and many AP1261 registered on site. It detects a lot of rogue access points around. I would like to find out geographic location of these rogue access points. Is it possible?
View 2 Replies
View Related
Jul 21, 2011
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies
View Related
Aug 14, 2010
We have several WLC's in school sites all connected back to a central WCS (ver6) which is working fine so I am just trying to clear up a few small issues.At a couple of sites I am getting alarms on WCS as per example below which has me at a loss.WCS has detected one or more alarms of category AP and severity Critical in Virtual Domain rootfor the following items:AP 'grafs-S03' is being contained. This is due to rogue device spoofing AP 'grafs-S03' BSSID or targetting AP 'grafs-S03' BSSID. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these alarms.Then a minute later I get the following to say its no longer being contained.WCS has detected a change in one or more alarms of category AP and severity Critical in Virtual Domain root. The new severity of the following items is Clear:AP 'grafs-S03' with protocol '802.11b/g' on Controller '10.96.192.5' is no longer being contained. Service is restored. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these changes.
View 16 Replies
View Related
Jan 25, 2011
I've been noticing a Belkin router on my network for a while now and just yesterday another Linksys router as join the party, causing havoc on my connection speed!
The strange thing is that I'm the only one seeing them through Norton on my laptop, all other computer on my home network is not detecting them. could this mean that someone is monitoring me? is possible? If I move permanently to Ubuntu linux would the problem go away? OR will they still be able to connect and monitor me?
View 6 Replies
View Related
Mar 9, 2009
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
View 8 Replies
View Related
Aug 20, 2012
We have 1242-AG series AP which is configured in Rogue Detector mode. After adding this AP to WLC its showing Admin Status of AP as Down.
When i am trying to enable the Admin Status its giving me following error
" Admin status cannot be enabled for AP in Rogue Detector mode".
how to enable Admin Status for Rogue Detector AP.
View 4 Replies
View Related
Aug 7, 2012
I think this is a bug, but I wanted to check if others have the same problem. If we try to delete rogue AP's under MONITOR > Rogues with Remove Selected then we get a error message Authorization Failed. No sufficient privileges. At first sight, it looks like the AP's are gone, but if you click on the same menu again, they are still there.
My ACS admin user has role1=ALL. I even tried to set role1=MONITOR, then I don't get the message above, but it is stated that I can not delete known rogue AP's.
View 10 Replies
View Related
Feb 13, 2012
What tool can I use to accurately pin point a rogue dhcp server in our network?
View 1 Replies
View Related
Feb 19, 2012
I have an underground cable connecting a classroom to the main server.
If I plug any computer directly into the underground cable it connects to the server fine.
If I plug a switch into the cable, none of the computers connected to the switch gets an IP address from the server. When I try to assign manual IP addresses I also can't connect.
But when I use the same switch and plug it into the server using a shorter cable everything works.
View 5 Replies
View Related
Dec 14, 2012
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
View 4 Replies
View Related
May 7, 2013
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior. I'm doing this step.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the URL
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it.URL
NOTE: from the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired
I don't think i completely understand this statement, by sitting does it mean that it is passively sniffing coming in/out on trunk link?
Considering the above steps are accurate, after this will i be able to see rogue detection behavior in syslogs? What exactly would be the messages that would produce this behavior.
View 7 Replies
View Related
May 9, 2013
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC. url...
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it. url...the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired.
View 2 Replies
View Related
Dec 19, 2011
My computer was recently infected with the XP Antivirus 2012 rogue virus. I believe that it has been removed from my computer, but I am unable to connect to the internet. I am unable to obtain an IP address. The IP address is 00000 and the Submask is 0000. My operating system is Windows XP and I am using a High speed cable connection
View 5 Replies
View Related
May 16, 2012
We had a core switch (4503), distribution switches and access in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured. Recently one of the rogue user in vlan 1 gave the corresponding interface vlan ip of core switch (gateway) as his ip and caused a prolonged network outage for the vlan. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack.What are the possible ways we can avoid the network outage problem even if a user gave the gateway ip to the machine?
View 3 Replies
View Related
Aug 30, 2011
How can I detect who is downloading big files in our network.Because it is banned in network for certain peak times. We are using DSL connection.
View 2 Replies
View Related
Feb 10, 2011
how would i know the ip address of the person whom i chatting with.I dont know him or her exactly. he or shes detecting my ip address to block me
View 2 Replies
View Related
Oct 22, 2011
I have a simple question regarding dead peer detection on the ASA 5520. I am using a cellular VPN device to connect back to an ASA 5520 and I have noticed that the connection drops at random periods during the day. The vendor for the cellular device recommends disabling dead peer detection on their device, which I have done. The question is, where is this disabled on the ASA? is it the IKE Keepalive setting under the tunnel group option?
View 1 Replies
View Related
Apr 1, 2012
I'm running a 5505 with DHCP on the outside interface. All 5505 are connecting to 5545.Can I configure the ASA for a site to site to automactically discover the the peer address and automatically establish a connection with 5545?In other words can I configure all settings for the site to site except the peer address. Once connected on network and get outside DHCP, can it also put that address is the peer section of site to site?
View 1 Replies
View Related
Nov 28, 2012
Primary optical link between CPE and PE, and backup 3G/ADSL link between CPE and PE.I am considering link failure detection on primary link (after which backup link should take over). Which method is the least CPU intesive:
1) BGP protocol between CPE and PE
2) RIP protocol between CPE and PE
3) BFD on static routes on PE
Is there difference in terms of CPU load between above mentioned methods or they are more or less the same?Hardver platforms are sup720 BXL and Cisco 7200 G2.
View 4 Replies
View Related
Feb 13, 2013
I would like to develop Voice Activation Detection using this sample program (google: ****/p_238-voice-activation-detection-voip) in Visual Studio 2008. But according to this website Visual Studio 2010 is highly recommended. Why VS 2010 is better than VS 2008?
View 1 Replies
View Related
Apr 15, 2012
I am interested in gathering cumulative threat-detection statistics from an ASA running 8.3, and displaying number of attacks over time. I am already capturing traffic information via netflow, but am interested in getting threat information.
Is there a way to capture the statistics via SNMP or any other method?
View 3 Replies
View Related
Mar 13, 2011
I have a Cisco 2801, IOS 12.4(24)T2 (C2801-IPBASEK9-M) on a WAN link to another 2801, which appears to be wrongly detecting our cross-site EMC replication traffic as Skype.
I am 100% sure that Skype isn't running on any of our PC's, yet the Skype protocol is by far the highest used out of everything. I have watched these traffic stats late at night when nobody is on the network and when the only traffic is replication, and this is the protocol which is constantly increasing.
If I run 'sh ip nbar port' , Skype isn't listed in the port-map. If I use ? at the end of the command, it lists Skype as option. The 'sh ip nbar protocol-discovery' show the following (among others):
FastEthernet0/1/0
Last clearing of "show ip nbar protocol-discovery" counters 6d10h
Input Output ----- ------ Protocol Packet Count Packet Count Byte Count Byte Count 5min Bit Rate (bps) 5min Bit Rate (bps) 5min Max Bit Rate (bps) 5min Max Bit Rate (bps) ------------------------ ------------------------ ------------------------ skype 76133998 146572068 6167477623 173614718864 0 0 1221000 8973000
EMC have informed me that the port used for replication is 8888, but I can't see how NBAR can think this is Skype.
why NBAR is detecting Skype traffic?!
View 1 Replies
View Related
Oct 3, 2007
It is possible to detect situation when two neigbour routers involved in EIGRP routing are configured by mistake with different AS number ?I tried this situation practically. Two routers are connected together via Serial link network. One router has AS 1, other AS 10. I try to detect AS mismatch. First I check what EIGRP packet are comming debug ip packet detail show source <my neighbour IP address> destination 224.0.0.10 Ip protocol type 88. These packets are EIGRP Hello packet.
I try to go more deeply into details.debug eigrp packetsI see only ongoing EIGRP Hello packets. But I don't see any incoming packet from my neighbour (which has different AS number). It seems, because of different AS number router silently drop eigrp packet.Other debug eigrp command also doesn't show any info about AS difference.
Cisco IOS 12.4 (16)
View 9 Replies
View Related
Sep 13, 2011
I have remote site in which site to site vpn is configured with hub site using 5510 model. now i am using load balancer in which 2 isp will terminate one is isfy and other is reliance . now i want if suppose ipsec-tunnel is configured primary with sify. if sify link fail at hub site then at remote site should be able to communicate with reliance that is secondary?
View 7 Replies
View Related
Mar 4, 2011
I just switched schools and I work for HP's marketing team part time which entitles me to get on some websites blocked by our school's network (sonicwall block).I then tried a proxy on Firefox and it was blocked as the sonicwall detected that I was using a proxy. Why did this happen and is there a way to bypass?This is mainly on wired connection as the Ethernet isn't god awfully slow like wireless is.
View 1 Replies
View Related
Dec 19, 2012
I'll cut right to the chase: I've been having some serious problems with wifi detection. There are times when the wifi is detected successfully, but most days, my laptop can't seem to detect any. The wifi light goes on and off as well. Also, there are times when the wifi suddenly just goes off and fails to detect any, even after it has already started working.Usually, I have to turn off my laptop and wait for it to cool before the wifi starts working again. I already have that power save mode option unchecked, so I don't really know what's causing the problem.
View 3 Replies
View Related
Nov 2, 2012
I have been having no luck with DLink support getting an answer. I have the DCS-942L which allows me to set the date/time zone but when I try to add motion detection settings the page always times out during the save. I tried using CaT-5 CABLE instead of wifi for settings (camera on same router and desktop pc) but after the "saving" message appears, it eventually times out and I have to click the Back arrow to return only to find none of my settings saved. I also want to note that each time I log in I see a broken certificate error message. Using Win8 with IE10. Also tried on Win7 with IE9 and XP Pro with IE8.
View 3 Replies
View Related
May 31, 2012
I've just successfully set up my network camera and as I was running through the advanced settings, what it wants from me when it comes to setting up images being sent to my e-mail. I've looked up some old threads to get a clue and thus far nothing works. Testing my entries results in "Invalid e-mail setting" 10 out of 10 times.
The setting format I'm trying to use is as follows:
-- smtp.gmail.com
-- 587
-- myemail@gmail.com
-- myemail@gmail.com
-- myemail
-- mypassword
-- STARTTLS
My GMail account is POP Enabled (whatever that is) and I used the username for that e-mail for bother the Sender and Receiver fields, as well as that e-mails username and password.
I'm lost. I bought the camera so I could document my landlord's maintenance people "touring" my apartment while I'm at work, but I wasn't aware having it save screenshots would be so complicated.
View 2 Replies
View Related
Apr 2, 2011
First of all, I've purchased a couple of Wifi cameras in the past, and they've always been missing something important (i.e. just returned a Cisco camera because it didn't support WPA2-AES).
So I was thrilled when I first received the DCS-930L - it was sleek, wireless setup was easy, and mydlink.com is slick as well.
But I'm afraid I've found the fatal flaw. I purchased this camera for one reason only - to figure out how mice are getting into my basement! I set up the camera where I suspect they're coming in, set up motion detection (via ftp), and then walked in front of the camera to test it.
To my surprise, I checked the FTP folder and found dozens of STILL images! What I really need is a video file. Is there NO way to configure the camera to capture video (not still images) when motion is detected? This seems like a huge gap. The Cisco camera I returned could do this.
If it can't do this, can it can be configured to record the last X hours to a shared drive somewhere, so I can at least go back and look at recorded video?
View 1 Replies
View Related
Jul 22, 2012
I have:Dell Vostro 460 12 GB RamIntel Quad Core i7-2600 3.40 GHzWindows 7 Wireless card is DW1525 (802.11n) WLAN PCIe CardSays drivers are up to date and the device is working properly. I have checked to make sure it is all enabled. Does not detect wireless networks that are in range. I have 3 other computers and all find multiple - this one detects none. Never has. In the pass I have simply used ethernet cables but for the next few months that will not be possible.
View 1 Replies
View Related
