How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs

Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252 APs. I do not see a way to block rogue APs from joining the wired or wireless WLANs.

PART 1
There are three parts to this:
1. detect - automatic
2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
First you need to detect. WLC does this automatically out of the box. It listens to the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
Another key classification piece is to detect whether or not the rogue AP is physically connected to your network, which is a high security risk. There are three ways WLC can detect it and none of them is automatic. You must configure these methods manually.
1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). The Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue AP, and the rogue detector AP simply watches each hardwired trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat", indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a wireless router, because wireless routers NAT, and ARP requests don't propagate to the wire.
2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Policies. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic; it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as a client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, the AP gets a DHCP IP through the Rogue AP, then sends a special small UDP port 6352 RLDP packet to every possible WLC IP address (mgmt IP, AP manager IP, dynamic interface IPs). If WLC gets one of those packets, it means that the rogue AP is physically connected to your network. This method will work when the Rogue AP is a wireless router. But this method is not recommended. It has an adverse effect on your wireless clients because the RLDP AP goes offline for a period of time, disconnecting your clients and forcing them to associate to another AP. Also, keep in mind that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from the CLI with "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to.
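The classification flow from PART 1, written out as an added Python simulation (this is not code from the thread, from Cisco, or from the WLC; it only models the logic described above). It assumes a simple stand-in for the 5.x rogue rules (an SSID allow-list plus an RSSI floor, both assumptions) and feeds the rogue detector constructed ARP request lines in the shape of tcpdump -e output from the detector's trunk port. All MACs, SSIDs and IPs are constructed. Running it shows the two caveats in step 1: only a client MAC heard over the air triggers "threat" (the rogue's own wired MAC is a different address and is never matched), and a NATing wireless router hides its clients' MACs, so it is never flagged this way.

```python
import re
from dataclasses import dataclass, field


@dataclass
class RogueAP:
    bssid: str                  # radio MAC heard over the air (not the AP's wired MAC)
    ssid: str
    rssi: int                   # strongest RSSI any of our APs heard it at, in dBm
    clients: set = field(default_factory=set)   # client MACs heard talking to it
    state: str = "unknown"      # unknown | known-internal | known-external | threat
    evidence: list = field(default_factory=list)


# Constructed tcpdump -e style line for a VLAN-tagged ARP request, e.g.
#   3c:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46:
#   vlan 10, p 0, ethertype ARP, Request who-has 10.0.10.1 tell 10.0.10.55, length 28
ARP_REQ = re.compile(
    r"^(?P<src>[0-9a-f]{2}(?::[0-9a-f]{2}){5}) > \S+, .*?vlan (?P<vlan>\d+), .*?"
    r"ethertype ARP, Request who-has (?P<target>\S+) tell (?P<sender>\S+),",
    re.IGNORECASE,
)


def parse_arp_request(line):
    """Return source MAC, VLAN and sender IP of an ARP request line, or None for anything else."""
    m = ARP_REQ.match(line.strip())
    if not m:
        return None
    return {"src": m["src"].lower(), "vlan": int(m["vlan"]), "sender_ip": m["sender"]}


def apply_rogue_rules(aps, friendly_ssids, external_rssi_floor=-80):
    """Assumed stand-in for WLC rogue rules: SSID allow-list -> known-internal,
    very weak signal -> known-external. A 'threat' state is never downgraded."""
    for ap in aps.values():
        if ap.state == "threat":
            continue
        if ap.ssid in friendly_ssids:
            ap.state = "known-internal"
        elif ap.rssi < external_rssi_floor:
            ap.state = "known-external"   # too faint to be inside our building


def rogue_detector(aps, arp_lines):
    """What the rogue-detector AP does on its trunk: match the source MAC of every
    wired ARP request against client MACs heard over the air. Returns the BSSIDs
    flagged as on-wire, in order of first evidence."""
    client_to_ap = {c.lower(): ap for ap in aps.values() for c in ap.clients}
    flagged = []
    for line in arp_lines:
        req = parse_arp_request(line)
        if req is None:
            continue                      # not an ARP request at all
        ap = client_to_ap.get(req["src"])
        if ap is None:
            continue                      # ordinary host, a rogue's own wired MAC, or a NAT router
        if ap.state != "threat":
            ap.state = "threat"
            flagged.append(ap.bssid)
        ap.evidence.append(f"client {req['src']} ARPed on VLAN {req['vlan']} as {req['sender_ip']}")
    return flagged


def sample_rogues():
    """Constructed over-the-air inventory: an open AP with a client, our own SSID,
    a faint neighbour, and a wireless router whose clients sit behind NAT."""
    return {
        "02:aa:00:00:00:01": RogueAP("02:aa:00:00:00:01", "FreeWifi", -55, {"3c:11:22:33:44:55"}),
        "02:aa:00:00:00:02": RogueAP("02:aa:00:00:00:02", "CorpNet", -60, {"3c:22:33:44:55:66"}),
        "02:aa:00:00:00:03": RogueAP("02:aa:00:00:00:03", "NeighborNet", -88),
        "02:aa:00:00:00:04": RogueAP("02:aa:00:00:00:04", "HomeRouter", -50, {"3c:44:55:66:77:88"}),
    }


# Constructed wire capture: the FreeWifi client ARPs on VLAN 10; the home router's
# WAN-side MAC (02:bb:...) ARPs on VLAN 20 but its wireless client never shows up.
SAMPLE_ARP = [
    "3c:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Request who-has 10.0.10.1 tell 10.0.10.55, length 28",
    "02:bb:00:00:00:04 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 20, p 0, ethertype ARP, Request who-has 10.0.20.1 tell 10.0.20.77, length 28",
    "00:de:ad:be:ef:01 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Request who-has 10.0.10.9 tell 10.0.10.12, length 28",
    "00:de:ad:be:ef:01 > 00:de:ad:be:ef:02, ethertype 802.1Q (0x8100), length 98: vlan 10, p 0, ethertype IPv4, 10.0.10.12.52311 > 10.0.10.9.443: Flags [S], seq 1, length 0",
]


def run_demo():
    """Classify by rules first, then let wired evidence promote APs to 'threat'."""
    aps = sample_rogues()
    apply_rogue_rules(aps, friendly_ssids={"CorpNet"})
    flagged = rogue_detector(aps, SAMPLE_ARP)
    return {b: ap.state for b, ap in aps.items()}, flagged


if __name__ == "__main__":
    states, flagged = run_demo()
    for bssid, state in states.items():
        print(bssid, state)
    print("flagged as on-wire:", flagged)
```

Only the FreeWifi BSSID ends up as "threat"; HomeRouter stays "unknown" even though it is on the wire, which is exactly the gap that RLDP or switchport tracing is meant to close.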

Similar Messages

  • How to prevent a text in script from displaying if its value is zero

    Dear all,
    How to prevent a text in script from displaying if its value is zero
    for eg   Price  = 0.00
    if price is 0 it shouldn't appear in output.
    I tried with    if price ne 0.
                       price = &price&
                        endif.
    but it's not working.
    Regards
    Raj
    <MOVED BY MODERATOR TO THE CORRECT FORUM>
    Edited by: Alvaro Tejada Galindo on Jan 20, 2009 8:59 AM

    Hello Nagaraju,
                           What you were doing is partially right.
    The correct format to write in the script is as follows :
    /:  if &PRICE& ne 0.
      &PRICE&
    /:  endif.
    This should work. Let me know how it goes.
    Nayan

  • HT1338 trying to download mountain lion OS, but whenever the net connection is broken it restarts from zero, how to prevent this and start downloading from the point it was disconnected

    trying to download mountain lion OS, but whenever the net connection is broken it restarts from zero, how to prevent this and start downloading from the point it was disconnected

    Disable anti virus software and try turning off the Firewall in System Preferences > Security & Privacy > Firewall.
    Quit then relaunch the App Store. From the menu bar click Store > Sign In
    Then click Store > Check for Unfinished Downloads

  • How to prevent IPV6 entries in DNS from server End

    Hello,
    My concern is to stop the IPV6 DNS entries being added to the DNS , but the main goal is to prevent it from the server end instead of going and disabling the IPV6 entries on each client machine.
    I have gone through this article but my goal is to fix it from the server end
    http://social.technet.microsoft.com/Forums/en-US/cd1a87f0-caf3-498e-9a20-e728e474b626/how-to-prevent-ipv6-addresses-from-being-registered-in-dns-server?forum=winserverDS
    Looking forward for the reply.
    Muhammad Asif Server Administrator Linux/Windows

    Hi,
    You can use Group Policy to disable IPv6 on clients within your domain, assuming you have an Active Directory environment.
    There are ADM/ADMX templates that actually do this. You just have to import them into the PolicyDefinitions folder on one of your domain controllers, then configure a group policy and link it to your structure.
    http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx
    Hope this helps.
    Regards,
    Calin

  • Finding rogue APs that are on wired network

    I am beginning to think that there is no way to guarantee that a rogue AP is connected to your wired network. I have read up on RLDP and "rogue detection". I was excited because I thought rogue detection would accomplish this. However, when I connect an autonomous AP to my wired network it does not get identified as being on my wired network despite the "rogue detector" being in place and connected to a trunk port with all network VLANs on it. In thinking through this I believe this is because the radio MAC and Ethernet MAC are different on the autonomous AP. The Ethernet MAC of the autonomous rogue AP is in the rogue detector DB, not the radio MAC. So when the detecting AP sends the radio MAC to the rogue detector it doesn't get flagged. Can anyone confirm this? And if so offer any insight to a workaround. I was able to get a "rogue client" flagged as a threat connecting via this AP, because its ARP entry is in the rogue detector's DB. But I can't get the AP flagged. If this is the case then rogue detection is more or less useless to me because I care about rogues on my network (obvious security breach) not rogues in other businesses in my area. I'd rather know when the rogue AP goes in and not have to wait until a rogue client connects to it. Please advise....
    Regards Chuck

    Network Chemistry makes a free tool (as well as a more advanced product you can buy) that might fit the bill for you. It relies on people properly classifying the devices on their own network with the free tool to build a database of device types based on the vendor ID digits of MAC addresses, as well as some SNMP scanning (I think). A link is below. I don't have a lot of experience with the tool, only because I'm not entirely convinced of its accuracy, but to be honest, I've never really used it in a production environment.
    Good luck!
    -Chris
    http://www.networkchemistry.com/products/roguescanner.php

  • How to prevent middle names and titles from appearing in contacts

    My iPhone is synchronised with MS Outlook, and I've used Outlook as my system of record for contacts for many years. I have hundreds of contacts in Outlook, many of which contain middle names and titles.
    The problem is that the iPhone displays every contact as Title FirstName MiddleName Surname Suffix. For many of my contacts, particularly when viewed in the Favourites list, I can't even see the contact's surname because the contact's title, first name and middle name(s) take up so much of the row.
    How can I stop my iPhone from displaying titles and middle names? Is there a setting somewhere in iTunes that will prevent these fields from being transferred to the iPhone?

    @NFH
    I am also experiencing this problem, but I think it started with one of the later iOS 3.x releases or possible iOS4. All of my contacts display their job title (eg. "Senior Vice President of Worldwide Sales & Operations") which given the screen real estate means that NONE of the actual Contact name is visible.
    This is only happening on my iPhone 3GS (iOS 4.0.2) and does NOT happen on my Mac, my me.com, nor on my iPad (iOS 3.2.2). Which, again leads me to believe this problem was introduced in iOS4.

  • How to prevent Pivot Table Data Source from being changed automatically?

    I have an excel file that contains a Pivot Table that references a table within the workbook (Data Source = "MyTable").  When I save the file and copy it, the copy contains a reference to the original file.  Instead of displaying, "MyTable",
    it shows  "OldFilename!MyTable" where OldFilename is the name of the original file, not the current file.
    How do I prevent this from occurring.  It is only doing this on my current machine, if I perform these steps on a different machine, the problem does not occur and the Data Source property stays the same as it should.
    What setting(s) do I change to fix this problem?
    Thank you in advance for your help!
    Michael

    Hi Michael,
    How about the issue now, is it solved? For the 'data model' feature, please refer to:
    http://blogs.office.com/2012/08/23/introduction-to-the-data-model-and-relationships-in-excel-2013/
    let us know if you have any additional questions or concerns.
    Best regards,
    Wind

  • How to prevent USB or firewire drive from mounting?

    If I have a USB or firewire drive connected to my mac at startup, but I don't want the Finder to mount it at startup, how would I go about it? If I can't prevent it from being mounted, is there a way to have it unmounted as soon as possible?
    TIA
    iMac G5   Mac OS X (10.3.9)  

    Eject the drive and disconnect the cable to the USB or FW port.

  • How To Prevent My Laptop's Screen From Succumbing To Evil Green Pixels?

    Hello, I know this seems to be a common problem on the forums but... A while ago my display started showing evil bright green pixels that created a distracting and unsightly mess. It was under apple care. I waited to see if an update would fix it, and before my apple care ran out I took it in and had it fixed. Could it be that I could know what they saw wrong with it? Because I got the computer back, fixed, and they didn't tell me what had been the problem. Is this available on the Internet? Two weeks later I started getting the EXACT same problem. Even though apple care repairs are under warranty the apple genius I talked to told me they would charge to fix it, fix it again, because I had dinged the top of the laptop. This really peeved me. The good news is that it's not always like this, and most of the time now the display is fine. The bad news is that I've been getting the problem more and more frequently, which is exactly what happened last time until the evil green pixels never went away. So the problem flickers, but it's happening more often...
    My question is: does anybody know anything I could do to prevent this from occurring? Of note is that last time this happened it didn't cure it completely but it helped to diminish my screen resolution. The most recent time the green pixels came back though and it didn't matter the resolution. Does anybody know if this is a hardware or a software problem? Could the fact that it comes and goes, and eventually never leaves, mean that I am causing it to happen without knowing it? Does anybody know if this is a software or a hardware issue? I am going to run the Apple hardware test as soon as I can, although I think last time I did that it was fine but I will double-check. I don't want to pay Apple to fix it if it will break again. I am prepared to face the harsh reality of a world with a distorted but functional laptop screen. Thanks for reading!
    Message was edited by: sumnerfs

    Oh, one of my loveliest topics. ;)
    The best way to clean an LCD screen is to take an LCD cleaning spray and a cloth. But that's not all, the secret is to take a microfiber cloth to clean the screen up.
    Perform the cleanup in these steps:
    1. Spray the display cleaner on the whole screen. Be generous when spraying the cleaner on it.
    2. Don't use the microfiber cloth for the first cleanup, that's the step where you remove the big dirt. Use an ordinary cloth.
    3. OK, rub the screen dry, it doesn't matter if some stripes are left, that's OK.
    4. Now, spray the cleaner again on the whole screen, but not much, it should only cover the surface of the screen.
    5. Take the microfiber cloth and clean the screen how you would clean a window. E.g. from top to bottom but don't stay at one point, just go top down.
    6. I know it's not perfect (good if it is ;) ) but I tried it many times and everyone has their own technique.
    Good luck and a clean display :)
    Greets

  • How to prevent display color option settings from disappearing after a restart of Firefox?

    I like to display specific text, background and link colors overriding pages' defaults; that info disappears almost after every Firefox restart. These settings are set in: Firefox>Options>Options>Content>Colors and having to reset them almost every time I start F is a pain.
    An ideal solution would be to allow a user to save their color picks as a separate "theme". I would then prefer to have 3 such saved themes that would be easy to switch at a push of a button:
    1. Light text on dark background (dark screen, less contrast) for a dark room;
    2. Lighter text on dark background (dark screen, more contrast) for a bright room;
    3. Firefox default.
    Finally, replacing a color palette with few colors with a color wheel from the OS would be ideal and relatively simple to implement.
    This may or may not be related but preferred magnification of text on each individual page is also often lost (reset to default).

    See if the following article helps.
    * How to fix preferences that won't save
    Overriding web site colors may not be a good idea because it also gets rid of background images. Some sites set background images for certain web page elements to display information that's crucial to using the site (like text for buttons).
    You can use the Stylish add-on to manage user styles that change the appearance of web pages in various ways. You can click the Stylish toolbar icon and enable or disable styles that are applied to the current page.
    1. Install Stylish and restart Firefox when prompted.
       https://addons.mozilla.org/firefox/addon/stylish/
    2. Click the ≡ Menu Button and choose Add-ons.
    3. In the Add-ons Manager, click User Styles on the left.
    4. Click the Write New Style button at the top. Paste the following in the text box, give the style a name, then click the Save button.
    @-moz-document url-prefix("http://"), url-prefix("https://") {
    /* Dark background and light text. For more color names, see http://www.w3schools.com/HTML/html_colornames.asp */
    * { background-color: rgb(20,20,20) !important; color: whitesmoke !important; }
    a:link { color: royalblue !important; }
    a:visited { color: blue !important; }
    a:hover { color: lightblue !important; }
    a:active { color: red !important; }
    }

    @-moz-document url-prefix("http://"), url-prefix("https://") {
    /* Light background and dark text. For more color names, see http://www.w3schools.com/HTML/html_colornames.asp */
    * { background-color: whitesmoke !important; color: rgb(20,20,20) !important; }
    a:link { color: royalblue !important; }
    a:visited { color: blue !important; }
    a:hover { color: dodgerblue !important; }
    a:active { color: red !important; }
    }
    You can install the Rainbowpicker add-on to choose any color everywhere in the Firefox interface (like Options/Preferences - Content - Colors).
    * https://addons.mozilla.org/firefox/addon/rainbowpicker/

  • How to prevent Terminal's character encoding from changing

    I have a command-line script that runs continuously, and occasionally echos to STDOUT some binary data that, apparently, changes the way Terminal displays certain characters. Is there any way of preventing this from happening? Say, by locking down Terminal's character-encoding?
    ...Rene

    Rene,
    I am not sure if you can prevent this thing from happening but you can set things back to normal by using the reset.
    Another possible solution is to write the output of STDOUT to a file so that it will not be displayed on screen.
    Mihalis.

  • How reman backup the blocks being written from memory to disk

    Hi All,
    I am thinking about one case when backuping the datafiles with RMAN.
    That is the rman is about to backup block A when this block is being written by DBWR from memory to disk.
    Let's assume the writing is just partially done. What will RMAN do in this case?
    1. Wait until the writing is done and back it up
    2. Backup what RMAN sees at that time
    I am just wondering whether the choice 2 will leave the block inconsistent and so be taken as corrupt when restored.
    Best regards,
    Leon

    user12064076 wrote:
    Hi All,
    I am thinking about one case when backuping the datafiles with RMAN.
    That is the rman is about to backup block A when this block is being written by DBWR from memory to disk.
    Let's assume the writing is just partially done. What will RMAN do in this case?
    1. Wait until the writing is done and back it up
    2. Backup what RMAN sees at that time
    I am just wondering whether the choice 2 will leave the block inconsistent and so be taken as corrupt when restored.
    Best regards,
    Leon
    Hi Leon,
    That's why if you don't take backup of archived redo log file that was generated after the full backup, the backup is considered "inconsistent". If you use "backup database plus archivelog" command, this means that after backing up the database, RMAN switches redo log files and archives it to make the whole backup "consistent"
    Kamran Agayev A.
    Oracle ACE
    http://kamranagayev.com

  • How do you block a person from texting your phone?

    I have had a strange number texting me and I want it blocked immediately and I have no clue how.

    check out this thread:
    https://community.verizonwireless.com/message/863761#863761
    the process for blocking a number via MyVerizon also works for texts

  • How to prevent movies on Apple TV from disappearing?

    I used to be able to see all of my movies on Apple TV via home sharing.  Lately, they keep disappearing.  The only remedy I have found is to go into iTunes and "Get Info" one by one on each movie and then it reappears on Apple TV.  I don't change a thing.  The simple action of "Get Info" is enough.  Anybody have a suggestion on a better way to resolve?  I don't think going through several hundred movies one by one is a great solution.
    BTW - I don't think this has anything to do with it but I will share that all the movies reside on a Synology NAS.  The reason I doubt that the NAS has anything to do with the issue: I can play any of them in iTunes with no problems.  And yes, all of them are labeled with the media type = 'Movie'
    Thanks in advance for any help offered.

    Totem wrote:
    The idea of storing songs, movies and photographs on the ATV is to allow the end-user to turn off their computer and just use the device like a stereo/video component.
    Ah! Of course... I wasn't even considering this b/c I'm one of these people who almost never has his computer off b/c I work from home and also do a lot of web surfing, etc. but obviously many many people have the computer shut off much more often than it is on.
    So, alright. I see why the hard drive is there... it just seems so tempting for it to be able to be more of a stand alone device, more like another computer with iTunes on it rather than like a big iPod that sits under my TV. I guess I'll file that away in my tech wish list...

  • Can you prevent a block of memory from being swapped?

    I'm wondering if there's a way to "lock" a section of memory in Java so that it will not be written out to the swap file by the OS.
    Let's say you're writing a client application that will connect to a server, and allow the user (after authentication, of course) to download sensitive information to the client machine and view it. Because the client machine may be in an insecure environment (i.e. public library terminal, cybercafe, etc), it is desirable to ensure that no trace of the information remains, even in the swap file. The data in question is largely text, so it wouldn't be more than a few hundred KB, therefore I can't imagine it would be a problem to reserve this memory (i.e. it's not like we're starving out other applications running on the same client machine by reserving ALL physical memory).
    Basically I'm looking for something in the API that lets me say to the OS: "don't swap out this block of memory, no matter what". Is there a way to do this?
    I found this in the bug database but it doesn't sound entirely like what I'm looking for (and it's marked as "will not fix" anyway):
    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4852696

    The simple answer is "no".
    This is a valid concern about the use of crypto libraries in Java.
    Because Java has garbage collection, and can copy anything to any memory region during garbage collection, in practice the crypto library writers choose not to bother about non-swapped memory.
    Implementing non-swapped memory in some operating systems like Windows is not a simple task: I believe that in Windows you need to write a device driver and a Windows Service, like the "Protected Storage Service" that you can find in Windows. The "Protected Storage" is not widely used in Windows - it implements only the CryptEncryptData and CryptDecryptData APIs. The real crypto work is done in normal memory, if you check the CryptoAPI Providers that come with Windows.
