Chapter 9 Configuring Radio Resource Management

Enabling Rogue Access Point Detection

Enabling Rogue Access Point Detection

After you have created an RF group of controllers, you need to configure the access points connected to the controllers to detect rogue access points. The access points will then check the beacon/ probe-response frames in neighboring access point messages to see if they contain an authentication information element (IE) that matches that of the RF group. If the check is successful, the frames are authenticated. Otherwise, the authorized access point reports the neighboring access point as a rogue, records its BSSID in a rogue table, and sends the table to the controller.

Using the GUI to Enable Rogue Access Point Detection

Follow these steps to enable rogue access point detection using the GUI.

Step 1 Make sure that each controller in the RF group has been configured with the same RF group name.

Note The name is used to verify the authentication IE in all beacon frames. If the controllers have different names, false alarms will occur.

Step 2 Click Wireless to access the All APs page (see Figure 9-5).

Figure 9-5 All APs Page

Step 3 Click the Detail link for an access point to access the All APs > Details page (see Figure 9-6).

Cisco Wireless LAN Controller Configuration Guide

9-12

OL-8335-02

 

 

Page 168
Image 168
Cisco Systems OL-8335-02 manual Enabling Rogue Access Point Detection, Using the GUI to Enable Rogue Access Point Detection