Rogue Ap Containment Overview - ZyXEL Communications ZYWALL USG Series Reference Manual

Chapter 8 Rogue AP
This example shows the friendly AP detection list.
Router(config)# show rogue-ap detection list friendly
no. mac
===========================================================================
1 11:11:11:11:11:11
2 00:13:49:11:22:33
3 00:13:49:00:00:05
4 00:13:49:00:00:01
5 00:0D:0B:CB:39:33
This example shows the combined rogue and friendly AP detection list.
Router(config)# show rogue-ap detection list all
no. role
===========================================================================
1 friendly-ap
2 friendly-ap
3 friendly-ap
4 friendly-ap
5 friendly-ap
6 rogue-ap
This example shows both the status of rogue AP detection and the summary of detected APs.
Router(config)# show rogue-ap detection status
rogue-ap detection status: on
Router(config)# show rogue-ap detection info
rogue ap: 1
friendly ap: 4
adhoc: 4
unclassified ap: 0
total devices: 0

8.3 Rogue AP Containment Overview

These commands enable rogue AP containment. You can use them to isolate a device that is
flagged as a rogue AP. They are global in that they apply to all managed APs on the network (all APs
utilize the same containment list, but only APs set to monitor mode can actively engage in
containment of rogue APs). This means if we add a MAC address of a device to the containment list,
then every AP on the network will respect it.
Note: Containing a rogue AP means broadcasting unviable login data at it, preventing
legitimate wireless clients from connecting to it. This is a kind of Denial of Service
attack.
70
description
third floor
dept1
mac description
11:11:11:11:11:11 third floor
00:13:49:11:22:33
00:13:49:00:00:05
00:13:49:00:00:01
00:0D:0B:CB:39:33 dept1
00:13:49:18:15:5A
ZyWALL / USG (ZLD) CLI Reference Guide