Chapter 10 Rogue AP

This example shows the friendly AP detection list.

Router(config)# show rogue-ap detection list friendly

no. macdescription

===========================================================================

1

11:11:11:11:11:11

third floor

200:13:49:11:22:33

300:13:49:00:00:05

400:13:49:00:00:01

500:0D:0B:CB:39:33 dept1

This example shows the combined rogue and friendly AP detection list.

Router(config)# show rogue-ap detection list all

no. role macdescription

===========================================================================

1

friendly-ap 11:11:11:11:11:11 third floor

2friendly-ap 00:13:49:11:22:33

3friendly-ap 00:13:49:00:00:05

4friendly-ap 00:13:49:00:00:01

5

friendly-ap

00:0D:0B:CB:39:33

dept1

6

rogue-ap

00:13:49:18:15:5A

 

This example shows both the status of rogue AP detection and the summary of detected APs.

Router(config)# show rogue-ap detection status rogue-ap detection status: on

Router(config)# show rogue-ap detection info rogue ap: 1

friendly ap: 4

adhoc: 4

unclassified ap: 0

total devices: 0

10.3 Rogue AP Containment Overview

These commands enable rogue AP containment. You can use them to isolate a device that is flagged as a rogue AP. They are global in that they apply to all managed APs on the network (all APs utilize the same containment list, but only APs set to monitor mode can actively engage in containment of rogue APs). This means if we add a MAC address of a device to the containment list, then every AP on the network will respect it.

 

91

NXC CLI Reference Guide