Cisco Wireless :: Grafs-S03 / WLC Containing One Of Its Own APs As A Rogue?
Aug 14, 2010
We have several WLC's in school sites all connected back to a central WCS (ver6) which is working fine so I am just trying to clear up a few small issues.At a couple of sites I am getting alarms on WCS as per example below which has me at a loss.WCS has detected one or more alarms of category AP and severity Critical in Virtual Domain rootfor the following items:AP 'grafs-S03' is being contained. This is due to rogue device spoofing AP 'grafs-S03' BSSID or targetting AP 'grafs-S03' BSSID. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these alarms.Then a minute later I get the following to say its no longer being contained.WCS has detected a change in one or more alarms of category AP and severity Critical in Virtual Domain root. The new severity of the following items is Clear:AP 'grafs-S03' with protocol '802.11b/g' on Controller '10.96.192.5' is no longer being contained. Service is restored. - Controller Name: grafs-wlc-01E-mail will be suppressed up to 30 minutes for these changes.
I think this is a bug, but I wanted to check if others have the same problem. If we try to delete rogue AP's under MONITOR > Rogues with Remove Selected then we get a error message Authorization Failed. No sufficient privileges. At first sight, it looks like the AP's are gone, but if you click on the same menu again, they are still there.
My ACS admin user has role1=ALL. I even tried to set role1=MONITOR, then I don't get the message above, but it is stated that I can not delete known rogue AP's.
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC. url...
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it. url...the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired.
I have the wireless controller 5508 and many AP1261 registered on site. It detects a lot of rogue access points around. I would like to find out geographic location of these rogue access points. Is it possible?
I have a 5508 controller with 70 AP's ( a mix of 1131 and 1142). On the Monitor tab I can see under the Rogue Summary numerous "Rogue AP's" as well as the clients associated to these AP's. There are no Rogue AP's on my wired network according to the report. My question is this: What actions should I take regarding these "Roague AP's"? Many of them appear to be just other AP's in the residential area near by. I know I can take action to classify them as Friendly or Malicious as well as Internal or External, but what benefit is there to doing this? Will taking these actions keep my AP's from scanning off channel for Rogues? I read that if a "Rogue AP" is not on the wired network that is really is not considered a threat. Any Cisco best practices regarding how to handle detected Rogue AP's ?
We have recently deployed a wlc5508 & some 40+ 3502i APs at the location.In the wlc I notice quite a few "rogue AP" listed with ssid's.
Is there a way within the wcs or wlc to determine better if any of these rogue AP are on my Lan?If I can locate the mac address of the ethernet port on the rogue AP I can track the port down on the appropriate switch & shut it down.
I've been noticing a Belkin router on my network for a while now and just yesterday another Linksys router as join the party, causing havoc on my connection speed!
The strange thing is that I'm the only one seeing them through Norton on my laptop, all other computer on my home network is not detecting them. could this mean that someone is monitoring me? is possible? If I move permanently to Ubuntu linux would the problem go away? OR will they still be able to connect and monitor me?
If you deploy a Cisco 1242 a/b/g access point as a rogue detector, can this be used for 802.11n wired detection as well.i.e Will the controller send the MAC addresses of the 802.11n clients and APs. url...
I have an underground cable connecting a classroom to the main server.
If I plug any computer directly into the underground cable it connects to the server fine.
If I plug a switch into the cable, none of the computers connected to the switch gets an IP address from the server. When I try to assign manual IP addresses I also can't connect.
But when I use the same switch and plug it into the server using a shorter cable everything works.
I'm using a 2504 controller. I dont have WCS.My questions are about the best way to configure a Rogue Detector AP.
In my lab environment I setup the WLC with 2 APs. One AP was in local mode, and I put the other in Rogue Detector mode.The Rogue Detector AP was connected to a trunk port on my switch. But the AP needed to get its IP address from the DHCP server running on the WLC. So I set the native vlan of the trunk port to be the vlan on which the WLC management interface resides. If the trunk port was not configured with a native vlan, the AP couldn't get an address through DHCP, nor could the AP communicate with the WLC. This makes sense because untagged traffic on the trunk port will be delivered to the native vlan. So I take it that the AP doesn't know how to tag frames.Everything looked like it was working ok.
So I connected an autonomous AP (to be used as the rogue), and associated a wireless client to it. Sure enough it showed up on the WLC as a rogue AP, but it didn't say that it was connected on the wire. From the rogue client I was able to successfully ping the management interface of the WLC. But the WLC never actually reported the rogue AP as being connected to the wired network.So my questions are:
1. What is the correct configuration for the trunk port? Should it not be configured with a native vlan? If not, then I'm assuming the rogue detector AP will have to have a static IP address defined, and it would have to be told which vlan it's supposed to use to communicate with the WLC.
2. Assuming there is a rogue client associated with the rogue AP, how long should it reasonably take before it is determined that the rogue AP is connected to the wired network? I know this depends on if the rogue client is actually generating traffic, but in my lab environment I had the rogue client pinging the management interface of the WLC and still wasn't being picked up as an on-the-wire rogue.
I'm building the use case to test / detect for rogue devices on the network. I have in my enviroment Lan controller 5500 controller with AP (aironet 3500). I want to detect for rogue devices/ap connected to my network. I know before i can see this activity on the network i have to configure the controller / ap to detect this behavior. I'm doing this step.
Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network.By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the URL
Using Rogue detection. feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it.URL
NOTE: from the forum I have seen other talks about the same issue and saying that if I have any APs in "Rogue Detection" mode sitting on the trunk port on the switch then only, this AP will detect the Rogue on Wired
I don't think i completely understand this statement, by sitting does it mean that it is passively sniffing coming in/out on trunk link?
Considering the above steps are accurate, after this will i be able to see rogue detection behavior in syslogs? What exactly would be the messages that would produce this behavior.
(5508 WLC, 1142N APs).I understand if I enable the AP mode to Rogue Detector from the details page of the AP, the AP stops accepting requests and is now looking for rogue items on the wired network. Is this the same when I enable Rogue Location Discovery Protocol? Will I lose the wireless functionality of all of my APs on the controller?
Next question, when I look at the Rogue Summary on the Monitoring page I see three Adhoc Rogue devices. When I select the Detail link only one shows. I remember the other two were HP mutifuction devices with WIFI enabled but I cannot retrieve that information anymore.
My computer was recently infected with the XP Antivirus 2012 rogue virus. I believe that it has been removed from my computer, but I am unable to connect to the internet. I am unable to obtain an IP address. The IP address is 00000 and the Submask is 0000. My operating system is Windows XP and I am using a High speed cable connection
We had a core switch (4503), distribution switches and access in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured. Recently one of the rogue user in vlan 1 gave the corresponding interface vlan ip of core switch (gateway) as his ip and caused a prolonged network outage for the vlan. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack.What are the possible ways we can avoid the network outage problem even if a user gave the gateway ip to the machine?
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
I have a Netgear WNR3500L wireless router. I assume it's v1 because on the back it doesn't have "v" anything. Firmware version V1.2.2.44_35.0.53NA.When I connect using g I get 22+Mbps download speed. When I connect using n I get 10 Mbps. I've tried using both WPA2 only (laptop reports 130 Mbps connection I believe) as well as the combo WPA+WPA2 (laptop reports connection of 117 Mbps).Broadband download results don't change - they stay at the 10 Mbps level. I've fiddled with some of the settings on my laptop's wireless card - but the results are the same.For now I'm just trying to figure out where I should focus my investigation and fiddling efforts - on the laptop or on the router.
i have a Netgear N600 Wireless ADSL2+ router on wireless a/b/g/n dual band and all that but what i want to know is will i get better performance if i use a WirelessN card over G on a 10 - 15mb/s connection gaming wise and will it b a great increase over the G causeif its not a HUGE increase then i wont waste my money on a newer card?
My Acer Aspire 5610Z laptop will automatically connect to public hotspot wireless network but when I attempt to connect to a wireless network at home, set up using a Netgear modem, I only ever get 'local' internet connection only. My wife's HP laptop has no problem making the home wireless connection.
I am running windows vista and have installed the software and windows sees the adapter and states it is working but when it searches for available networks it can't find any. How can I download the driver and install it?
I have a setup involving 3 clustered AP541 running off a sg300 switch. The wireless network setup VAP has one entry for vlan 1 with station isolation disabled. Is there anything more I need to do to allow one wireless client to ping another wireless client - am I missing something - i assume this is possible.Needless to say wireless clients can ping non wireless clients and vice versa quite happily. Everything is running with factory default settings more or less.
*Mar 1 01:28:21.018: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY *Mar 1 01:28:21.022: %LWAPP-3-CLIENTERRORLOG: bsnSetCurrentBHRate : fail to set radio control and data rate
*Mar 1 01:28:21.179: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (00 00.0000.0000) *Mar 1 01:28:21.984: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth ernet0, changed state to up *Mar 1 01:28:34.341: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne d DHCP address 192.168.10.244, mask 255.255.255.0, hostname AP2c54.2d0d.c3c4
I have a WLC 5508, AIR-LAP1142N APs and a SSID for students to connect to who bring their own device. I am still testing this and it has not been rolled out but I am running into some serious issues with joining the network. I am authenticating them through a RADIUS server (2008 R2). Problem: many of them cannot connect because they are lacking the certificate.
1. What is a good setup for authentication in a BYOD environment
2. If my setup is good what can I do to allow kids to use their computers on the wireless either without the certificate (which I know is unlikely) or what do I need to have them do to connect. I am hoping it does not involve hard wiring and getting the certificate from the server.
have a Cisco 5508 controller (version 6.0.199.4) that when I enable global multicast mode it will work for an hour or two and then it will kill the network. All internet both wired and wireless, access to server everything dead. I then have to directly connect to the service port and disable the global multicast mode. Then two reasons for enabling it are Docs2Go and LanSchool both require multicast to be enabled. I have it enabled on our wired network and it works OK there. ted.
We have recently been given this unusual task. The setup is a series of CAP3502P access points, and a wireless controller (either 2500 Series or 5500 Series), as well as other standard network infrastructure.
In this network, the client (mobile/wireless) devices must be able to detect when they change what access point they are communicating through, while also requiring a seamless transition. Ie, if the client device is communicating via access point A, and displaying the application menus for A, when the user walks to the area services by access point B, it must detect that sot he application can display menus for B, without the user having to select "B".
Is there a way for the client device to detect which access point it is using and provide that to an application? Or alternatively a way for a host service residing on a server to get that information from the wireless controller?
i am placing a formal request to Cisco and to the firmware development team to create a new-and-improved firmware release for the WET200 wireless Ethernet bridge, a product that is still being produced, shipped, and sold. I purchased the product about one-and-a-half years ago and have enjoyed its performance. There have been, however, some flaws with the device, namely the following:While configured to use WPA2-based security, DHCP-related traffic is not passed from a router/gateway's DHCP Server to connected devices on the WET200. Current firmware release notes indicate this was a known issue and was, supposedly, fixed; however, due to the level of problems customers are reporting, it appears this may have only been resolved, if at all, with security configurations of WPA, WEP, or OPEN. It has not been fixed for customers using WPA2-based security.When I originally purchased the WET200 and configured it to use WPA2-based security, while it, initially, did have a few problems connecting to my router/gateway, it, eventually, did connect and stayed connected for, approximately, one year. However, in September of 2009, it suddenly lost connectivity with my router/gateway and has not been able to establish a connection since, even after reinstalling the latest firmware revision and after several soft and hard resets of the device. I tested the WET200 with another router/gateway, only to experience the same issue. Other devices are connecting to my router/gateway, but, not the WET200. The last firmware update for the WET200 was dated back in July of 2008. Currently, it is January 2010 and since these issues have been known for quite some time, it is unacceptable that the firmware for this device has not been updated in such a long time, especially when there are known issues with the WET200's firmware. Such lack of support is forcing me and my clients to stop using these Cisco-based products and purchase competing hardware, something I would prefer not to do; however, without better support, I and my clients do not have a choice. Expecting me and my clients to use an inferior form of security on the WET200, such as WEP and/or WPA, until a firmware update is issued is unacceptable, especially when that update has not been released in over one-and-a-half years. Such lack of support is especially unforgettable when my clients and I are looking to purchase new networking equipment. In the past, I would not have hesitated to purchase a Cisco-based product; now, with this experience in mind, I am finding it very difficult to recommend to a client that he or she should invest their organization's finances into Cisco-branded equipment. Proper, professional, timely, support of your hardware is expected of your customers, especially if you wish them to remain loyal customers. I have noticed that other similar devices, albeit, higher-end devices, have had their firmware updated, more recently, compared to the WET200. I assumed this meant that the firmware development team was updating all firmware on such devices. So far, I have been disappointed in the lack of firmware updates for the WET200. While I understand the possible desire to update the higher-end products, first, as a professional whose job is to research, recommend, purchase, install,configure, secure, and maintain both the enterprise-level and small business-level devices, I highly encourage Cisco not to overlook their small business products when the firmware development team is updating firmware for any Cisco products. Deficiency in the support of one strata of Cisco-based products is reflective upon the support of any Cisco-based product and is not easily forgiven by Cisco customers, such as myself, when new and additional hardware needs to be purchased.
WET546 successfully authenticates and looks pretty healthy on controller (see below) , however neither of computers plugged to WET546 was unable to obtain ip address from dhcp server , nor working with static ip. I was under impression what it might be related to some default policies on WLC2100. Logs (warning) on WLC2100 looks clean.
This is the first time I am trying my hands on wireless gears. I have 2500 WLC and 1142 AP (which I converted from Standalone to LAP).I have a layer 3 POE switch where i am using port 1 for the WLC which is a trunk port.
Port 2 is for the AP using access vlan 111
Port 3 is trunk port going to a router where i am running dhcp server for the VLANs which are as follow:
I wanted to block the traffic from the Guest VLAN 999 but when i apply the ACL on the Guest Interface created on the WLC, I dont see any pings going across and neither I see any hit counts on the deny statement as if the ACL is never applied.
I just read that starting from version 7.4, the 2500 controller can be used to terminate guest anchor tunnels. have a question regarding the performance of the internal DHCP server when used in guest environments.
We have a 2504 Wireless Controller and it works great!We currently have 6 Access Points (Aironet 1252) connected.We just added the sixth one a few weeks ago and with a properly configured and fully functioning Wireless Controller, it was super easy.Now, I have been assigned to add another Access Point, but at a remote site.The plan is to have up to three or more APs at this remote location and we want them to talk back to the Wireless Controller.We have plenty of licences on our current Wireless Controller.Do do not want to spend the funds for another Wireless Controller and more licenses.
1. How does one manually add a Aironet 1252 to the 2504 Wireless Controller
2. If the AP is on a different subnet than the Wireless Controller, how does one get it registered?
3. The best for last: Can a Aironet 1252 talk to a 2504 Wireless Controller over a WAN link?
Android users can connect to our hospital guest wireless but will not have connectivity. Our wireless infrastructure is WISM based with 2 controllers on 6509 platform. We have a mixed environment of 1231, 1252 & 3502 series APs.
Had issue connecting just Android devices? All other devices connect fine.
