Rogue Ap Detection Troubleshooting - Brocade Communications Systems RFS6000 System Reference Manual

Provides centralized wireless LAN (WLAN) configuration and management

Rogue AP Detection Troubleshooting

Brocade recommends adhering to the following guidelines when configuring Rogue AP detection:

Basic configuration required for running Rogue AP detection:
- Enable any one of the detection mechanisms.
- Enable the rogueap detection global flag.

After enabling rogueap and any one of the detection mechanisms, look in the roguelist context for detected APs. If no entries are found, do the following:
- Check the global rogueap flag by doing a show in rogueap context. It should display Rogue AP status as "enable" and should also display the status of the configured detection scheme.
- Check for the "Brocade AP" flag in rulelist context. If it is set to "enable", then all the detected APs will be added to the approved list context.
- Check for Rulelist entries in the rulelist context. Verify it does not have an entry with MAC as "FF:FF:FF:FF:FF:FF" and ESSID as "*".
- If you have enabled AP Scan, ensure that at least a single radio is active. AP scan does not send a scan request to an inactive or unavailable radio.
- Enabling detectorscan alone does not send a detectorscan request to any adopted AP. You must also configure at least a single radio as a detectorAP. This can be done using the set detectorap command in rogueap context.

Troubleshooting Firewall Configuration Issues

Brocade recommends adhering to the following guidelines when dealing with problems related to Mobility RFS7000 Controller Firewall configuration:
- A Wired Host (Host-1) or Wireless Host (Host-2) on the untrusted side is not able to connect to the Wired Host (Host-3) on the trusted side
- A wired Host (Host-1) on the trusted side is not able to connect to a Wireless Host (Host-2) or Wired Host (Host-3) on the untrusted side

A Wired Host (Host-1) or Wireless Host (Host-2) on the untrusted side is not able to connect to the Wired Host (Host-3) on the trusted side

1. Check that IP Ping from Host-1/Host-2 to the Interface on the Trusted Side of the Brocade RF Series Controller works.
   CLI (from any context) - ping <host/ip_address>
2. If it works then there is no problem in connectivity.
3. Check whether Host-1/Host-2 and Host-3 are on the same IP subnet. If not, add proper NAT entries for configured LANs under FireWall context.
4. After the last step, check again that IP Ping from Host-1 to the Interface on the Trusted Side of the Brocade RF Series Controller works. If it works then the problem is solved.

Brocade Mobility RFS6000 and RFS7000 System Reference Guide
53-1001858-01
