Cisco Systems OL-8376-01 Intrusion Detection System FAQs and Troubleshooting, Detecting Rogue APs


Chapter 1 FAQs and Troubleshooting

Intrusion Detection System FAQs and Troubleshooting

Intrusion Detection System FAQs

Detecting Rogue APs

Q. How does WLSE detect rogue APs?

Q. What is the difference between a rogue and a friendly AP?

Q. How does the WLSE distinguish between a rogue device and an ad-hoc device?

Q. How often does rogue AP detection occur and can it be customized?

Q. How long does it typically take for the WLSE to detect a rogue access point after it is connected to the network?

Q. Can I disable transmit on an AP and yet allow it to receive signals so that it can participate in rogue AP detection?

Q. I want to disable Radio Monitoring and detect rogue APs only when AP Radio Scan jobs are scheduled. Is this possible?

Q. What requirements and configuration are needed before a client can participate in rogue AP detection?

Q. Can the client be used to help triangulate a rogue AP?

Q. How can I automatically adjust the channel and power settings on my managed APs to overcome the coverage problems introduced by rogue APs?

Q. I understand that WLSE does not accept SNMP traps that indicate an AP detected a rogue. So why is an AP that is currently designated as the WDS generating rogue AP SNMP traps?

Q. I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP (AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP list. When I moved AP1 back to the friendly list, it was immediately (within 40 seconds) moved back to the rogue AP list.

Q. What should I do when my system is overrun with rogue APs?

Q. Why is a fault generated regardless of the threshold set for detecting rogue APs with a defined RSSI value under IDS > Manage Network-Wide IDS Settings?

Interference Detection

Q. Are the Network-Wide > Interference Detection settings of -87 dBm for 10% always the same, or are they the optimal recommended values, or are they calculated depending on the environment? Should they be left alone, or are there any recommendations?

APs in Scanning-Only Mode

Q. Why are the APs running in scanning-only mode having problems with sporadic connection loss and image upgrade failure?

Q. Which WLSE IDS functions require dedicated scanning APs?

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

 
