Cisco 2100 Series Configuration Manual page 279

Wireless LAN controller

Chapter 5
Configuring Security Solutions
OL-17037-01

Note: If you later want to change the priority of this rule and shift others in the list accordingly, enter this command: config rogue rule priority priority rule_name. If you later want to change the classification of this rule, enter this command: config rogue rule classify {friendly | malicious} rule_name.

Note: If you ever want to delete all of the rogue classification rules or a specific rule, enter this command: config rogue rule delete {all | rule_name}.

Step 2
To disable all rules or a specific rule, enter this command:
config rogue rule disable {all | rule_name}

Note: A rule must be disabled before you can modify its attributes.

Step 3
To add conditions to a rule that the rogue access point must meet, enter this command:
config rogue rule condition ap set condition_type condition_value rule_name
where condition_type is one of the following:

ssid—Requires that the rogue access point have a specific SSID. You should add SSIDs that are not managed by the controller. If you choose this option, enter the SSID for the condition_value parameter. The SSID is added to the user-configured SSID list.

Note: If you ever want to delete all of the SSIDs or a specific SSID from the user-configured SSID list, enter this command: config rogue rule condition ap delete ssid {all | ssid} rule_name.

rssi—Requires that the rogue access point have a minimum RSSI value. For example, if the rogue access point has an RSSI that is greater than the configured value, then the access point could be classified as malicious. If you choose this option, enter the minimum RSSI value for the condition_value parameter. The valid range is –95 to –50 dBm (inclusive), and the default value is 0 dBm.

duration—Requires that the rogue access point be detected for a minimum period of time. If you choose this option, enter a value for the minimum detection period for the condition_value parameter. The valid range is 0 to 3600 seconds (inclusive), and the default value is 0 seconds.

client-count—Requires that a minimum number of clients be associated to the rogue access point. For example, if the number of clients associated to the rogue access point is greater than or equal to the configured value, then the access point could be classified as malicious. If you choose this option, enter the minimum number of clients to be associated to the rogue access point for the condition_value parameter. The valid range is 1 to 10 (inclusive), and the default value is 0.

no-encryption—Requires that the rogue access point's advertised WLAN does not have encryption enabled. A condition_value parameter is not required for this option.

managed-ssid—Requires that the rogue access point's SSID be known to the controller. A condition_value parameter is not required for this option.
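As an added example (not taken from the Cisco guide), the Python below checks condition values against the ranges listed for Step 3 and renders the Step 2 and Step 3 command lines, so an out-of-range value is caught before anything is typed at the controller. The rule name, the sample values, and the whitespace checks on rule names and SSIDs are assumptions.

```python
"""Added example: render rogue-rule condition commands, enforcing this page's ranges."""

# Inclusive ranges for the numeric condition types, as stated on this page.
RANGES = {
    "rssi": (-95, -50),       # dBm
    "duration": (0, 3600),    # seconds
    "client-count": (1, 10),  # associated clients
}
# Condition types that take no condition_value.
FLAGS = {"no-encryption", "managed-ssid"}
PREFIX = "config rogue rule condition ap set"


def condition_command(rule_name, condition_type, value=None):
    """Return one CLI line for a condition, or raise ValueError if it is invalid."""
    if not rule_name or any(c.isspace() for c in rule_name):
        raise ValueError("rule_name must be non-empty with no whitespace (assumption)")
    if condition_type in FLAGS:
        if value is not None:
            raise ValueError(f"{condition_type} takes no condition_value")
        return f"{PREFIX} {condition_type} {rule_name}"
    if condition_type == "ssid":
        # 802.11 limits an SSID to 32 octets. SSIDs containing whitespace are rejected
        # because this page does not say how the CLI quotes them (assumption).
        ssid = str(value or "")
        if not 1 <= len(ssid.encode("utf-8")) <= 32 or any(c.isspace() for c in ssid):
            raise ValueError(f"unusable SSID: {value!r}")
        return f"{PREFIX} ssid {ssid} {rule_name}"
    if condition_type not in RANGES:
        raise ValueError(f"unknown condition_type: {condition_type}")
    low, high = RANGES[condition_type]
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{condition_type} must be an integer in {low}..{high}, got {value!r}")
    return f"{PREFIX} {condition_type} {value} {rule_name}"


def rule_update(rule_name, conditions):
    """Validate every condition, then emit the disable line followed by the conditions.
    The disable comes first because a rule must be disabled before it is modified."""
    lines = [condition_command(rule_name, ctype, val) for ctype, val in conditions]
    return [f"config rogue rule disable {rule_name}"] + lines


if __name__ == "__main__":
    # Constructed rule name and values.
    for line in rule_update("lobby_rogues", [("rssi", -70), ("client-count", 2), ("no-encryption", None)]):
        print(line)
```

Because every condition is validated before any line is returned, one bad value yields no output at all rather than a partly applied rule.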
Cisco Wireless LAN Controller Configuration Guide
Managing Rogue Devices
This manual is also suitable for:

4400 series
