Cisco 2100 Series Configuration Manual page 270

Wireless LAN controller

Managing Rogue Devices
When the controller receives a rogue report from one of its managed access points, it responds as follows:

1. The controller verifies that the unknown access point is in the friendly MAC address list. If it is, the controller classifies the access point as Friendly.
2. If the unknown access point is not in the friendly MAC address list, the controller starts applying rogue classification rules.
3. If the rogue is already classified as Malicious, Alert or Friendly, Internal or External, the controller does not reclassify it automatically. If the rogue is classified differently, the controller reclassifies it automatically only if the rogue is in the Alert state.
4. The controller applies the first rule based on priority. If the rogue access point matches the criteria specified by the rule, the controller classifies the rogue according to the classification type configured for the rule.
5. If the rogue access point does not match any of the configured rules, the controller classifies the rogue as Unclassified.
6. The controller repeats the previous steps for all rogue access points.
7. If RLDP determines that the rogue access point is on the network, the controller marks the rogue state as Threat and classifies it as Malicious automatically, even if no rules are configured. You can then manually contain the rogue (unless you have configured RLDP to automatically contain the rogue), which would change the rogue state to Contained. If the rogue access point is not on the network, the controller marks the rogue state as Alert, and you can manually contain the rogue.
8. If desired, you can manually move the access point to a different classification type and rogue state.
Table 5-8 shows the rogue states that can be adopted by a rogue access point in a particular classification type.

Table 5-8 Classification Mapping

| Rule-Based Classification Type | Rogue States |
|---|---|
| Friendly | Internal—If the unknown access point is inside the network and poses no threat to WLAN security, you would manually configure it as Friendly, Internal. For example, the access points in your lab network. |
| Friendly | External—If the unknown access point is outside the network and poses no threat to WLAN security, you would manually configure it as Friendly, External. For example, the access points belonging to a neighboring coffee shop. |
| Friendly | Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list. |
| Malicious | Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list. |
| Malicious | Threat—The unknown access point is found to be on the network and poses a threat to WLAN security. |
| Malicious | Contained—The unknown access point is contained. |
| Malicious | Contained Pending—The unknown access point is marked Contained, but the action is delayed due to unavailable resources. |

Cisco Wireless LAN Controller Configuration Guide, OL-17037-01, Chapter 5: Configuring Security Solutions, page 5-82
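The classification flow in steps 1 to 8 and the Table 5-8 mapping can be modelled in a few functions, which is useful for checking how a planned rule set and friendly list would treat a given rogue. This is an added example, not code from Cisco or from the guide. Assumptions: the rule criteria (`open_ssid`, `rssi`), MAC addresses and function names are hypothetical, priority 1 is evaluated first, and a friendly-list match leaves the state unset because the page does not name one.

```python
# Table 5-8 rows visible on this page (Friendly and Malicious only).
ALLOWED_STATES = {
    "Friendly": {"Internal", "External", "Alert"},
    "Malicious": {"Alert", "Threat", "Contained", "Contained Pending"},
}
# Step 3: classification/state pairs that are never reclassified automatically.
PINNED = {("Malicious", "Alert"), ("Friendly", "Internal"), ("Friendly", "External")}


def classify(rogue, friendly_macs, rules, rldp_on_network=False):
    """Return (classification, state) for one rogue report, following steps 1-7."""
    current = (rogue.get("classification"), rogue.get("state"))
    # Step 1: the friendly MAC address list is checked before any rule.
    # Assumption: the page names no state for this case, so it is left unset.
    if rogue["mac"].lower() in friendly_macs:
        return ("Friendly", None)
    # Step 3: pinned pairs stay put; any other existing classification is
    # only reclassified while the rogue is in the Alert state.
    if current[0] is not None and (current in PINNED or current[1] != "Alert"):
        return current
    # Step 7: RLDP finding the rogue on the network wins, even with no rules.
    if rldp_on_network:
        return ("Malicious", "Threat")
    # Step 4: rules are tried in priority order (assumed: 1 first); first match decides.
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["match"](rogue):
            return (rule["type"], "Alert")
    # Step 5: no rule matched.
    return ("Unclassified", "Alert")


def manual_move(classification, state):
    """Step 8: accept a manual move only if Table 5-8 (as shown here) allows the pair."""
    if state not in ALLOWED_STATES.get(classification, ()):
        raise ValueError(f"{classification}/{state} is not a Table 5-8 combination")
    return (classification, state)


# Constructed sample data: MACs, field names and rule criteria are hypothetical.
FRIENDLY = {"00:11:22:33:44:55"}
RULES = [
    {"priority": 2, "type": "Friendly", "match": lambda r: r["rssi"] < -80},
    {"priority": 1, "type": "Malicious", "match": lambda r: r["open_ssid"]},
]

if __name__ == "__main__":
    new = {"mac": "aa:bb:cc:00:00:01", "rssi": -85, "open_ssid": True}
    print(classify(new, FRIENDLY, RULES))
    print(classify(dict(new, classification="Friendly", state="Internal"), FRIENDLY, RULES, True))
```

A rogue that matches both sample rules is classified by the priority 1 rule, and a rogue manually set to Friendly, Internal keeps that classification even when RLDP reports it on the network.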


This manual is also suitable for:

4400 series
