We have recently deployed a wlc5508 & some 40+ 3502i APs at the location.In the wlc I notice quite a few "rogue AP" listed with ssid's.
Is there a way within the wcs or wlc to determine better if any of these rogue AP are on my Lan?If I can locate the mac address of the ethernet port on the rogue AP I can track the port down on the appropriate switch & shut it down.
I have a 5508 controller with 70 AP's ( a mix of 1131 and 1142). On the Monitor tab I can see under the Rogue Summary numerous "Rogue AP's" as well as the clients associated to these AP's. There are no Rogue AP's on my wired network according to the report. My question is this: What actions should I take regarding these "Roague AP's"? Many of them appear to be just other AP's in the residential area near by. I know I can take action to classify them as Friendly or Malicious as well as Internal or External, but what benefit is there to doing this? Will taking these actions keep my AP's from scanning off channel for Rogues? I read that if a "Rogue AP" is not on the wired network that is really is not considered a threat. Any Cisco best practices regarding how to handle detected Rogue AP's ?
View 4 Replies View Related(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
I have the wireless controller 5508 and many AP1261 registered on site. It detects a lot of rogue access points around. I would like to find out geographic location of these rogue access points. Is it possible?
View 2 Replies View RelatedI am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies View RelatedWe have several WLC's in school sites all connected back to a central WCS (ver6) which is working fine so I am just trying to clear up a few small issues.At a couple of sites I am getting alarms on WCS as per example below which has me at a loss.WCS has detected one or more alarms of category AP and severity Critical in Virtual Domain rootfor the following items:AP 'grafs-S03' is being contained. This is due to rogue device spoofing AP 'grafs-S03' BSSID or targetting AP 'grafs-S03' BSSID. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these alarms.Then a minute later I get the following to say its no longer being contained.WCS has detected a change in one or more alarms of category AP and severity Critical in Virtual Domain root. The new severity of the following items is Clear:AP 'grafs-S03' with protocol '802.11b/g' on Controller '10.96.192.5' is no longer being contained. Service is restored. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these changes.
View 16 Replies View RelatedI've been noticing a Belkin router on my network for a while now and just yesterday another Linksys router as join the party, causing havoc on my connection speed!
The strange thing is that I'm the only one seeing them through Norton on my laptop, all other computer on my home network is not detecting them. could this mean that someone is monitoring me? is possible? If I move permanently to Ubuntu linux would the problem go away? OR will they still be able to connect and monitor me?
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
View 8 Replies View RelatedWe have 1242-AG series AP which is configured in Rogue Detector mode. After adding this AP to WLC its showing Admin Status of AP as Down.
When i am trying to enable the Admin Status its giving me following error
" Admin status cannot be enabled for AP in Rogue Detector mode".
how to enable Admin Status for Rogue Detector AP.
I think this is a bug, but I wanted to check if others have the same problem. If we try to delete rogue AP's under MONITOR > Rogues with Remove Selected then we get a error message Authorization Failed. No sufficient privileges. At first sight, it looks like the AP's are gone, but if you click on the same menu again, they are still there.
My ACS admin user has role1=ALL. I even tried to set role1=MONITOR, then I don't get the message above, but it is stated that I can not delete known rogue AP's.
What tool can I use to accurately pin point a rogue dhcp server in our network?
View 1 Replies View RelatedI have an underground cable connecting a classroom to the main server.
If I plug any computer directly into the underground cable it connects to the server fine.
If I plug a switch into the cable, none of the computers connected to the switch gets an IP address from the server. When I try to assign manual IP addresses I also can't connect.
But when I use the same switch and plug it into the server using a shorter cable everything works.
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC.
But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior. I'm doing this step.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the URL
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it.URL
NOTE: from the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired
I don't think i completely understand this statement, by sitting does it mean that it is passively sniffing coming in/out on trunk link?
Considering the above steps are accurate, after this will i be able to see rogue detection behavior in syslogs? What exactly would be the messages that would produce this behavior.
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC. url...
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it. url...the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired.
My computer was recently infected with the XP Antivirus 2012 rogue virus. I believe that it has been removed from my computer, but I am unable to connect to the internet. I am unable to obtain an IP address. The IP address is 00000 and the Submask is 0000. My operating system is Windows XP and I am using a High speed cable connection
View 5 Replies View RelatedWe had a core switch (4503), distribution switches and access in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured. Recently one of the rogue user in vlan 1 gave the corresponding interface vlan ip of core switch (gateway) as his ip and caused a prolonged network outage for the vlan. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack.What are the possible ways we can avoid the network outage problem even if a user gave the gateway ip to the machine?
View 3 Replies View Relatedthis might sound straight forward, but every other pc or console can find and connect to my router.This issue seems to happen about once every few months, sometimes it comes back by itself and reconnects completely fine.
There isn't a "user limit" on our router.Wireless adapter is dell wireless 1505 draft 802.11n wlan mini-card.
Have restarted PC and uninstalled and reinstalled the card.I tried to set the i.p address to static but it says "adapter disconnected" so won't allow me to edit any settings, despite it being able to find neighbour's wireless very easily.
upgrade from 7.0.235 to 7.0.240? I can't go any higher right because we are still using WCS. I read the white papers but as far as I can tell there are no new features..
View 3 Replies View RelatedDoes Cisco WLC 5508 runnig code 6.0.196.0 allows you to generate CSR? Or do you have to use OPENSSL like in previous versions?
View 16 Replies View RelatedI am trying to SSH into my controller after upgrading to 7.0.103 and I get the username prompt but it seems to be disconnecting as soon as I do. Is there something different about this version of code as opposed to the older ones?
View 1 Replies View Relatedi have 2 ssid with the same comfiguration (diff only in name) in one ipsec ssid vpn (l2tp over ipsec with natt ) works fine, in another after phase 2 is completed no traffic is forwarded and vpn session is dropped. There are no access lists on equipment.
I found in documentation that need to activate L3 security and set it to vpn pass-through, but in drop-down menu only one item "none". What is the reason to drop ipsec traffic ?
NCS 1.1.1.24 (PRIME-NCS-VAPL)
5508-50 WLC 7.0.235.3
I had to re-IP this WLC onto another management vlan. Prior to the IP change and code upgrade I removed the WLC from NCS.When attempting to re-add the WLC to NCS, I finally found the it in Configure>Unknown Devices. Now NCS is showing the Device Type as Unknown, and Inventory Status Detail as Unsupported device, and reachable.
I have a customer with an ACS for Windows version 3.3. I know the ACS is End-of-support, but if I could do Authentication for a WLAN with a Controller 5508 Softwareversion 7.0.116.0 and how?
View 3 Replies View RelatedSince the SW upgrade to version 7.3.101.0 (wlc 5508) i have the following issue. We have a W LAN with 802.1x (WPA2/AES) secured. Before the update the users need to enter user/ PW every time when they reconnect (W LAN switch off/ on again) to the W LAN. Now the users don`t need to enter user/ PW when they reconnect to the WLAN.
I could not find any setting on wlc to clear this issue.
Does anyone know if it is possible to use an 5508 WLC running version 7.0.116.0 as a DNS box? Was not able to find anything in the config guide.
View 2 Replies View RelatedCisco WLC 5508
Software Version: 7.4.100.0
Windows Server 2008R2
I've got everything setup on the Windows Server 2008 side of things (certificates, radius clients, etc). I added the radius server on the WLC, and configured a new W LAN to use it. Both are on the same sub net. When trying to connect to the W LAN it kept failing. I installed wire shark on the server to monitor the radius traffic, and to my surprise there was no radius traffic showing up on the server. The radius statistics on the WLC are at 0 as well, so it's like the WLC isn't even attempting Radius.
I re verified that the server was enabled on both the security tab and the W LAN itself on the WLC. Rebooted the controller and the server, all to no avail. I used a radius test client, and can successfully send radius commands to the server using that utility. Frustrated, I just kept trying to reconnect on my wireless device, and after about the 15th try, finally I saw radius activity on wire shark. It rejected my access, but at least I saw activity. It also registered radius statistics on the WLC as well.
So now if I keep trying to connect repeatedly, about every dozen or so times the WLC actually will send a radius request to the server.
I have a main with one WLC 7.0.240.0 and have acquired a HA with 7.3. I have considered whether to put on both WLC version 7.3 or 7.4.:
first, that there are differences between the two versions?
second: As I read, the version 7.4 can make backup of several WLC, this function is already available?
configured the monitor and exporter on the wcs 5508 running 7.4.100.0 and it is not working.
View 1 Replies View RelatedI have a WLC5508 with around 70 AP's (LAP1042N) connecting over an MPLS WAN network. WLC and AP's are running 7.4.100
From time to time I have an AP which disassociates from the WLC with the logging beneath. This is a problem with the AP, or is this due to network saturation between the AP and the WLC ?
And if so, should I change the default retransmit values ?
I have a Cisco 5508 controller and am considering using LAG. Can I enable LAG but only use 2-4 of the 8 available ports on the 5508? I am asking because currently I don't have enough ports on my 3750G switch to accomidate all 8 ports on the 5508.
View 2 Replies View RelatedLooking to upgrade our 5508 WLC to the newest code AIR-CT5500-K9-7-2-103-0-FUS..We are currently running an older code 6.0.196.0..Are there any issues that I need to worry about with this upgrade ?Do I need to upgrade the AP's at the same time ?
View 7 Replies View RelatedI've searched the release notes for 7.2+, but I haven't found a documented number of how many active RF Profiles a 5508 can support. Any limitation of how many RF Profiles they can have?
View 3 Replies View Related