How to jam rogue APs

Dear
I have detected several rogue APs in my company, one is with no security key. We are using 4402 WLC, i tried to contain those rogue APs , after this it shows these APs as contained, but no effect on SSID, still anyone can use it. Can someone tell me is it possible to disable rogue APs so that they are not used by employees. Thanks

Your theory seems to be correct, as I was able to Contain one SSID of my own D-LINK AP.
What was the RSSI value when you did this?  How many APs were assigned to contain?
after that when I contain the client associated with that Contained AP then I was able to dis-associate.
Not a good idea because you'll need to contain alot of clients.  What if the clients want to join YOUR valid SSID?
Cud u tell me what are possible RSSI values or distance between which we should be able to contain APs without issues.  Is it related with APs or WLC model etc.
Y'know what?  I'm not so sure because "containing" an AP isn't really a "sport" you want to brag about and Cisco frowns upon it.  I just theorized because your RSSI values are just too low.  If you have a value of, say, -75 dBm then there's a chance of being successful.
I plan to implement switch port security with mac-filtering on access switches.
Here's the deal.  This is OK if the rogue AP happens to be connected to YOUR network.  What if, and this is very common occurance here in Australia, if the rogue AP IS/WAS NOT connected to your network?  What if the AP is actually acting as a honeytrap or siphoning your enterprise WLAN traffic and sending it the other side?  As Scott recommended, the best way is to go to the owner of the offending rogue AP with two other big and burly colleagues and tell the offender to take the rogue AP out or you'll send your "enforcers" back.
This AP is just two floors away.
What are the inter-floors made of?  Are they made of concrete or wood?  Sounds like it's made out of concrete which makes propagation of wireless signal more difficult.  A recent study in Australia regarding the propagation of rogue APs are caused by staff bringing in their own chop-suey wireless access point.  The reason why they are doing it is because they are sick and tired of management telling them "No, you can't do it."  The same study stated that if management is un-willing to improve work-related technology then staff will do their best to it themselves and without any authorization or approval.  When it comes to wireless technology in the workplace, you'll be surprise to know how many managers are still ignorant about the security implications and consider wireless as a "punishment from G0d".
My opinion is this:  Roll out wireless to your floors and buildings.

Similar Messages

  • How to avoid interferences caused by rogues APs

    Hi Everybody,
    I have a WLC running well with 10 LAPs.
    The problem that I have approximatively 60 Rogues APs and I have a lot of perturbations in signals (noise, interference, ...) caused by theses APs.
    How to avoid these interferences ?? is it the classification Malicieous APs ??

    wow! belay that...DO NOT CONTAIN THE ROGUES!
    Unless you can prove they are in your network and shouldn't be, there can be legal ramifications for doing so.
    What you need to do first, is adjust the sensiitivity for rogues.  by default it's -128, change that to -75.  Once you've done this, then you can evalutate which rogues are in your network, or belong to neighboring businesses.  For neighboring, go talk to their IT staff and see if you can get them to lower power so you aren't interferring with each other, cause if you see them, they probably see you as well.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs

    Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252AP. I do not see the way to Block Rogue APs from Joining the Wired or Wireless WLANs

    PART 1
    There are three parts to this:
    1. detect - automatic
    2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
    3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
    First you need to detect. WLC does this automatically out of the box. It listens the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
    Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
    Another key classification piece is to detect whether or not the rogue AP is physically connected to your network which is a high security risk. There are three ways WLC can detect it and neither of them is automatic. You must configure these methods manually.
    1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue APs, and the rogue detector AP simply watches each hardwire trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat" indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a Wireless Router, because Wireless Routers NAT and ARP requests don't propagate to the wire.
    2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Polices. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic, it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, AP gets a DHCP IP through Rogue AP, it then sends a special small UDP port 6352 RLDP packet to every possible WLC's IP address (mgmt ip, ap manager ip, dynamic int IPs). If WLC gets one of those packets, it means that rogue AP is physically connected to your network. This method will work when Rogue AP is a Wireless Router. But this method is not recommended. It has an adverse effect on your wireless clients because RLDP AP goes offline for a period of time disconnecting your clients and forcing them to associate to another AP. Also, keep in mind, that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from CLI "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
    3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to.

  • Alerting of "Malicious" Rogue APs

    Hi,
    In WCS, I see that we can set a severity level for rogue APs, which is minor by default.  What I'd like to do is set APs classificed as Malicious Rogues (based on the rogue policies), to have a different severity -- critical to be specific.  The goal here is to have an email trigger based on rogue AP detection, but only for those classified as malicious.  How do I accomplish this?
    I'm running WCS 7.0, w/  a WLC 4404 on 6.0 code.
    Thanks,
    David Swafford, Network Engineer, CareSource
    Cisco Certified Network Professional  |  Cisco NAC Specialist  |  EC-Council Certified Ethical Hacker

    A possible alternative solution would be to have WCS send SNMP traps to a 3rd-party monitoring system, which could be configured to trigger an alert if it receives a notification indicating a new rogue AP has been detected and classified as malicious.  This is from the WCS MIB file:
    cWNotificationSpecialAttributes OBJECT-TYPE
        SYNTAX          OCTET STRING (SIZE  (1..1024))
        MAX-ACCESS      read-only
        STATUS          current
        DESCRIPTION
            "This object represents the specialized attributes required
            to describe the network condition identified by
            cWNotificationType. These include SNR, RSSI, channel information
            etc. This value is formatted as 'name=value' pairs in CSV
            format. For example, rogueAP Alert's special attributes are sent
            as 'detectingAPRadioType=a0,YCoordinate=0, state=11,
            rogueApType=0, spt Status=0, ssId=wpspsk, on80211A=0,
            numOfDetectingAps=0, on80211B=1, XCoordinate=0,
            classificationType=3, channelNumber=6, containmentLevel=0,
            rssi=-51, rogueApMacAddr=00:1b:2b:35:6a:f3, onNetwork=0, total
            RogueClients=0'. This string can be parsed to get different
            name-value pairs."
        ::= { cwNotificationHistoryEntry 12 }
    I haven't actually gotten around to trying this yet.  Hopefully I'll have time during the holiday season.  If anyone else gets it to work in the meantime, let me know!

  • Possibility to schow all Rogue APs in the WCS Map

    Hi All, one Customer uses WCS 4.0.81.0 /w Location for Management. It seems to be not possible to show ALL detected Rogue APs on a Map, only one selected AP from the List. Is there a possibility to show all Rogue APs at on Map? Regards, Michael

    Hello,
    If you want to see all rogue AP at the same time, then you need the Cisco Location Appliance. WCS with license for location but without location appliance only allows you to locate one rogue AP at the time.
    Rgds,
    Gaetan

  • How can I close Aps accumulated at the bottom of my screen

    How can I close Aps accumulated at the bottom of my screen?

    Hi,
    double tap on the home button. Then slide the page above the icon upwards towards the top of your iPad.

  • How to jam with your iPhone?

    How to jam with your iPhone:
    http://www.youtube.com/watch?v=oLU0hvUsa-k
    That's how it works

    You might also password protect your account and create a separte account on the Mac for your wife. 
    OT

  • How to find my APS server

    Hi all
    How can I install APS ? or How can I find my APS server I have installed before?
    I have designed a cube and loaded data in it successfully. When I open an excel file to test cube via SmartView, it show a error message:
    can not connect to provider service (I do not remember clearly)
    I enter the url 'http://MachineName:13080/aps/smartview' in IE, the excel provide. The result is 'can not find this website'
    I enter a command 'telnet MachineName 13080', the result is the port isn't opening.
    I enter the directory d:\Hyperion\products\Essbase, I can not find APS folder in it.
    I guess I have not installed Hyperion Provider services.
    when I want to reinstall provider service via running Hyperion EPM installer in the old folder I have kept since the last installation, I found a file named 'APS_VERSION.xml' and a folder named 'analytic_services_provider_webapp' in the assemblies directory . Does it mean I have installed?
    I delete all things except the 'analytic_services_provider_webapp' folder and 'APS_VERSION.xml', then run the installer. But there is no choice for APS server in the product selection step by tier or by components individually.
    How can I install APS? please help
    Regrads
    Gary.YU

    Hi,
    First of all you should never start deleting folders this could damage the installation.
    If you have it installed you should have a folder like :- <hyperionhome>\products\Essbase\aps
    And if you are on windows you will have a service named something like :- Hyperion Provider Services - Web Application
    If you don't then you will need to download and extract all the correct assemblies and run the installer, the files needed are defined at :- http://download.oracle.com/docs/cd/E12825_01/epm.111/epm_install/ch02s02s02.html under the section - "Oracle Hyperion Provider Services"
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • What tools for locating rogue APs and adhoc clients ?

    Hi all. I was wondering how you locate your rogues. I have WCS with location detection; however, I still have to go out and hunt down the device. It can be difficult when there is a high density of laptops. Right now, I try to attach to unsecured devices and use the Cisco wireless survey utility to home in on the rogue. Please let me know if you use something better. This seems to work better than using netstumbler, but it has the disadvantage of requiring that you attach to it first. If security is enabled, I have to resort to netstumbler. I would appreciate hearing what techniques and tools work for you.
    Randy

    I have not found and new tools/techniques as of yet. The way I see it the flow goes like this:
    1. You detect the rogue over the air waves. WLCs and WCS do a good job of this.
    2. With WCS and location detection, you get the aproximate location of the rogue.
    3. Then you have to go get the rogue. Sometimes they are easy to find, sometimes they are really hard to even when the location data is good. They could be under or behind a desk, or in an adjacent office.
    I have not tried one of the spectrum cards from Cisco. Perhaps that would work better for finding the device once you know roughly where to look.
    It seems that most rogues are not APs, but are routers using NAT. That hides the clients wireless mac addresses from the LAN side of your switched network so I don't think it is easy to locate the rogue on the LAN switch based upon what the AP's hear over the air waves - at least that is my experience.
    Randy

  • HT1495 how can i sync aps on multiple devices on one computer

    Trying to use multiple devices on same computer but don't want the devices to have all the same aps.  how can i seperate that without having to check the aps i want each time a sync?

    Assuming the photos are in an iPhoto Library on the Air and you want to import them into your iPhoto Library on your Powermac there is an application that can copy all photos in the Air library that are not in your Powermac library into your Powermac library.  However, no keywords or other metadeata willl be brought over with them and they will come over in a new event each time you run it. Take a look at: Sync iPhoto libraries | SyncPhotos (formerly iPhotoSync) | Haystack Software.
    There's another application,  iPhoto Library Manager, that will let you copy events or albums from the Air library to the Powermac library. However, you will have to select the events/albums you want to copy. It's not automatic.  This method will copy keywords and other metadata along with the photos.
    OT

  • How to transfer purchased aps to new macbook

    I have an ipod and an ipad and i just bought a macbook and would like the aps i bought previously to be on my macbook as well. How do I do that?
    Thanks!

    Welcome to the Apple Support Communities
    See > http://support.apple.com/kb/HT2519 If you want to install these programs on your computer, it's not possible because you have OS X installed on your MacBook

  • Finding rogue APs that are on wired network

    I am beginning to think that there is no way to gaurantee that a rogue AP is connected to your wired network. I have read up on RLDP and "rogue detection". I was excited because I thought rogue detection would accomplish this. However, when I connect an autonomous AP to my wired network it does not get identified as being on my wired network despite the "rogue detector" being in place and connected to a trunk port with all network vlans on it. In thinking through this I believe this is because the radio mac and ethernet macs are different on the autonomous AP. The ethernet mac of the autonomous rogue AP is in the rogue detector dB, not the radio mac. So when the detecting APs sends the radio mac to the rogue detector it doesn't get flagged. Can anyone confirm this? And if so offer any insight to a workaround. I was able to get a "rogue client" flagged as a threat connecting via this AP, because it arp entry is in the rogue detectors dB. But I can't get the AP flagged. If this is the case then rogue detection is more or less useless to me because I care about rogues on my network (obvious security breach) not rogues in other businesses in my area. I rather now when the rogue AP goes in and not have to wait until a rogue client connects to it. Please advise....
    Regards Chuck

    Network Chemistry makes a free tool (as well as a more advanced product you can buy) that might fit the bill for you. It relies on people properly classifying the devices on their own network with the free tool to build a database of device types based on the vendor ID digits of mac addresses, as well as some snmp scanning (I think). A link is below. I don't have a lot of experience with the tool, only because I'm not entirely convinced of it's accuracy, but to be honest, I've never really used it in a production environment
    Good luck!
    -Chris
    http://www.networkchemistry.com/products/roguescanner.php

  • Rogue APs

    Hi All,
    I have a couple of question in regards to rogues and rf grouping.
    Does the controller count the rougues access points when calculating channels assignments in the network?
    The current setup has each floor in a separate RF group, does the APs in a RF group consider another AP from a different RF group a foreign Access Point? also when it is beneficial to have each floor in a separate RF group?
    Thank you all

    Hi,
    A WLC on a mobility group may see APs joining other WLCs on same mobility group as rogue devices IF they are in different RF groups.
    This depends on the AP authentication configuration. (security -> Wireless Protection Policies -> AP Authentication).
    If the value is set to "None" then different RF groups do not matter. If the value is set to "AP Authentication" then if two APs are in two RF groups the WLC will probably raise the rogue flag.
    The above was true before different RF groups on same WLC were possible.
    I don't honestly know the behavior when two different  RF groups are configured on the same WLC. (You may try changing the AP Authentication config and feed us back ).
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • WLSE Not showing the RSSI the AP reported Rogue APs in my scanning-only mod

    Hi guys
    I have a WLSE version 2.15.1 which is configured to detect Rogue AP, APs are 1242, when I see the Unknown AP detail the RSSI has a value of 0 for all Rogue AP detected any help or suggestions, I will be very useful.
    Thank you.
    Greetings

    If the RSSI value is zero, then the AP is not active at all. Do you see the same value for all the APs. Does the WLSE provide correct RSSI values for the known APs?

  • I just updated my iPhone and my ap icon is gone. How do I download aps?

    I just updated my iphone with new is. My aps and ap icon did not reload. How do I restore this?

    If you mean the App Store app is missing, check Settings>General>Restrictions to be sure that Installing Apps is set to On.  If it is, then look on all your screens and inside all your folders.  If you still can't find it go to Settings>General>Reset>Reset Home Screen Layout.  This will restore the home screen to its original configuration but may move other apps around to do so.
    If you mean that your apps are missing, sync with iTunes to transfer them back to your phone.

Maybe you are looking for

  • Can't open photo attachments from Gmail through Safari - Ipad2 ios7.1

    I have an ipad2, running ios7.1 If I try to open a photo attachment from www.gmail.com (in Safari, not Mail app) it causes my ipad to hang. Here's what happens for a 2mb test jpg I just sent myself: 1. Open email in Safari 2. Click on the thumbnail o

  • Finger Print error in SFTP receiver adapter

    Hi Experts ,      I am getting following error in SFTP receiver channel, here I have nominated the password based authentication rather than certificate authentication method in channel. And I have created finger print in NWA and shared with SSH serv

  • PL-SQL Solve: Using INSTR and SUBSTR

    I am trying to work on this and cannot get a solution. Please help You have to use INSTR and SUBSTR to solve Question: You have the following acceptable value Numberic: 0-34 80-100 or Non Numberic X S U D- D D+ Im have to use INSTR and SUBSTR functio

  • How to automatically turn off leds after 1 minute/button press

    I need help on how to turn off my LEDs 1 minute after my program starts or when the stop button is pressed.. I tried putting a while loop over the LEDs but it doesn't work.. Also the score automatically resets after 1 minute.. how do I maintain the s

  • Shape tool problems with up/down arrow increments

    I use Illustrator CS2 on MacBook Pro 2.5 (2008) with Snow Leopard. When using the shape tool and trying to control it with the up/down arrows to either change the radius of a curve, the number of points to a star, etc., instead of getting of smooth p