Chapter 1 Overview


Rogue Access Point Location, Tagging, and Containment

This built-in detection, tagging, monitoring, and containment capability allows system administrators to take required actions:

- Locate rogue access points as described in the Cisco Wireless Control System Configuration Guide.
- Receive new rogue access point notifications, eliminating hallway scans.
- Monitor unknown rogue access points until they are eliminated or acknowledged.
- Determine the closest authorized access point, making directed scans faster and more effective.
- Contain rogue access points by sending their clients deauthenticate and disassociate messages from one to four Cisco 1000 series lightweight access points. This containment can be done for individual rogue access points by MAC address, or can be mandated for all rogue access points connected to the enterprise subnet.
- Tag rogue access points:
  - Acknowledge rogue access points when they are outside of the LAN and do not compromise the LAN or wireless LAN security.
  - Accept rogue access points when they do not compromise the LAN or wireless LAN security.
  - Tag rogue access points as unknown until they are eliminated or acknowledged.
  - Tag rogue access points as contained and discourage clients from associating with them by having between one and four Cisco 1000 series lightweight access points transmit deauthenticate and disassociate messages to all rogue access point clients. This function contains all active channels on the same rogue access point.

Rogue Detector mode detects whether or not a rogue access point is on a trusted network. It does not provide RF service of any kind, but rather receives periodic rogue access point reports from the Cisco Wireless LAN Controller, and sniffs all ARP packets. If it finds a match between an ARP request and a MAC address it receives from the Cisco Wireless LAN Controller, it generates a rogue access point alert to the Cisco Wireless LAN Controller.
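The matching step described above, as an added example that is not Cisco's code: it parses raw Ethernet frames, keeps only ARP requests, and raises an alert when the sender MAC appears in the controller's rogue report. Matching on the ARP sender hardware address is an assumption, and all function names, MAC addresses and IP addresses are constructed for the illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_request(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return mac_str(sha), ".".join(map(str, spa)), ".".join(map(str, tpa))

def rogue_alerts(frames, reported_macs):
    """Alert on each ARP request whose sender MAC is in the controller's rogue report."""
    reported = {m.lower().replace("-", ":") for m in reported_macs}
    alerts = []
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed and parsed[0] in reported:
            alerts.append({"mac": parsed[0], "ip": parsed[1], "asked_for": parsed[2]})
    return alerts

def build_arp(sender_mac, sender_ip, target_ip, oper=ARP_REQUEST):
    """Build a constructed broadcast ARP frame for the sample data below."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + sha + ip(sender_ip) + b"\x00" * 6 + ip(target_ip)

# Constructed sample data: locally administered MACs, documentation-range IPs.
REPORTED = ["02:00:00:AA:BB:01", "02-00-00-aa-bb-02"]
SAMPLE_FRAMES = [
    build_arp("02:00:00:aa:bb:01", "192.0.2.57", "192.0.2.1"),          # reported MAC: alert
    build_arp("02:00:00:11:22:33", "192.0.2.20", "192.0.2.1"),          # ordinary wired host
    build_arp("02:00:00:aa:bb:02", "192.0.2.58", "192.0.2.1", oper=2),  # ARP reply: ignored
    b"\x00" * 20,                                                       # truncated frame
]

if __name__ == "__main__":
    for alert in rogue_alerts(SAMPLE_FRAMES, REPORTED):
        print("rogue on trusted network:", alert)
```

Only the first sample frame produces an alert: the second sender is not in the report, the third is an ARP reply rather than a request, and the fourth is too short to parse.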

To facilitate automated rogue access point detection in a crowded RF space, Cisco 1000 series lightweight access points can be configured to operate in monitor mode, allowing monitoring without creating unnecessary interference.

Web User Interface and the CLI

This section describes the controller GUI and CLI.

Web User Interface

The Web User Interface is built into each Cisco Wireless LAN Controller. The Web User Interface allows up to five users to simultaneously browse into the built-in Cisco Wireless LAN Controller http or https (http + SSL) Web server, configure parameters, and monitor operational status for the Cisco Wireless LAN Controller and its associated Access Points.

Note: Cisco recommends that you enable the https: interface and disable the http: interface to ensure more robust security for your Cisco WLAN Solution.

Cisco Wireless LAN Controller Configuration Guide

 

OL-8335-02
