Problems probing for rogue access points

Similar Messages

• Rogue Access Points

  Hi everybody,
  I have a question about Rogue Access Points.
  We have a Wlan controller (2504) and it sees rogue access points.
  I know there are some tools, if you tell it that it's a bad rogue access point, it starting to kick people of that access point. Just to be sure that no one is on that access point that can join your network for some reason.
  But with the Cisco 2504 i have some options. As you all will know.
  But i wonder what happens if i set it to malicious. I know what friendly means. I don't want that i screw up that access point of our neighbours. But now it stays there in the rogue list. I tell it's friendly and thats oke but i wonder what happens if i tell the controller that it's malicious and then i say contain.
  I get a warning message from the controller about some legal things etcetc. so i cancelled it.
  Can anyone tell me? :-)
  Thanks!
  Henk Feenstra

  No problem... So if someone contained one of my AP's, I would see it in the log and would know what AP is doing the containing.... Then I would have to walk over to the company and politely asked then to stop:)   This is what you would see:
  1
  Thu Feb 21 18:49:05 2013
  Warning: Our AP with Base Radio MAC f4:ea:67:0e:6f:80 is under attack (contained) by another AP on radio type 802.11b/g
  This is what you will see in the syslog:
  *spamApTask1: Feb 21 18:49:05.141: #LWAPP-1-AP_CONTAINED: spam_lrad.c:33698 AP AIR-CAP3602E-A-K9-MAP is being contained on slot 0
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Pinpoint Rogue Access Points

  All,
  Does anyone know of a way to pinpoint rogue access points be it equipment or software?  Everything I can find so far gets you close but dies not exactly pointpoint the location.
  Thanks in advance!  All replies rated

  WCS along with controllers and a location appliance and properly placed APs can do a very good job placing rogues, clients and tags on maps for location.
  As a start you will want to take a look at the deployment guide for the MSE:
  http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a00809d1529.shtml
  The information in this guide will give a good jumping off point for locating devices using WCS and Location.
  Chapters 5 and 6 of the WCS Configuration Guide also have valuable information:
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/WCS60cg.html

• Looking for an Access Point with 2 Ethernet ports and powered via PoE

  Hi Gurus,
  I am looking for an Access Point with 2 Ethernet ports and the access point can be powered via PoE. I have been assigned with a requirement where the rooms need to have access point as well as an Ethernet Cable provided from the Access Point as a backup for connectivity.
  The room only has one data cable coming from the main IT room as well does not have a spare power socket to power the Access Point. Will be good if it can be centrally controlled or controller based.
  Any recommendations?
  Regards
  J

  For the backup plan, the cheapest solution may be to just run a couple new cat5e drops to the room(est cost $250). If not then purchase a small Cisco POE switch for the room(est cost $2k). For wireless I would purchase a POE enabled Cisco AP. But you will need to verify the POE switch/blade you will be connecting the AP to can power the AP you buy. I got burned by that issue when we purchased some Cisco 1251 AP's with dual radios and they needed more power than our 4500 POE blades could handle. We were told we would need to purchase new 48 port 10/100/1000 blades or power injectors. Our Cisco sales vendor took the heat for that mistake.
  Posted by WebUser Steven Kinney from Cisco Support Community App

• QOS config 4500 switchport for Lightweight access point

  What is the best QOS configuration what needs to be applied on a 4500 switchport for Lightweight access point.

  Hi,
  If you are asking about Layer 2 QoS configuration for switch-port then it is global command, which will apply on all switch-ports, not for any specific switch-port. 
  As far as switch-port mode is concern which in connected to LWAP then yes it is better you keep it in default mode.

• License for Monitor Access Point

  Dear Friends,
  I have a 5508 controller with 200 access points . I have additional 10 access points to be used as Monitor Mode, as this will be connected to the MSSE. Question here is does the monitor access points requires licenses to configure on the controller or does IPS license of 25 AP's is enough for MSE.
  I think for these 10 Monitor Access Points, we need to have licenses for the controller as well as MSE license for the access point. Am I right in this assumption?
  BR,
  Sid

  Hi Sid,
  the license on the WLC is for "joined APs" whatever is their role. So monitor mode APs count the same as other APs.
  Regards,
  Nicolas

• IOS to LWAPP for 1130AG Access Points

  We have initially installed IOS-based 1130 APs. If we would be upgrading it to LWAPP mode, could we pushed IOS-to-LWAPP upgrade thru the network? what procedures are required?

  Hi Leopoldo,
  This is possible and fully supported and can be done using the "LWAPP Upgrade Tool". Have a look at the following;
  LWAPP Upgrade Tool Troubleshoot Tips
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml
  Access points must run Cisco IOS Release 12.3(7)JA or later before you use the upgrade tool.
  System Requirements
  You can use the Autonomous to Lightweight Mode upgrade tool to install Cisco IOS Release 12.3(11)JX on these access points:
  All 1100 series access points containing MP21G (802.11g) radios
  ***All 1130, 1230, and 1240 series access points
  All modular 1200 series access points running Cisco IOS software and containing these supported radios:
  802.11g: MP21G, MP31G
  802.11a: AIR-RM21A-x-K9, AIR-RM22A-x-K9
  All 1300 series access points in access point mode
  http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/b311jx1.html
  Cisco has released a free tool called the "Autonomous to Lightweight Mode Upgrade Tool" that allows selected Cisco Aironet autonomous access point models to be configured for lightweight mode operation.
  The Autonomous to Lightweight Mode Upgrade Tool supports the following models:
  Cisco Aironet 1240AG Series access points
  Cisco Aironet 1230AG Series access points
  Cisco Aironet 1200 Series access points that contain 802.11g (AIR-MP21G-x-K9) and/or second-generation 802.11a radios (AIR-RM21A-x-K9 or AIR-RM22A-x-K9)
  Cisco Aironet 1130AG Series access points
  **Cisco Aironet 1100 Series Access Points that contain 802.11g radios (AIR-AP1121G-x-K9)
  Cisco Aironet 1300 Series Access Points/Bridges (AIR-BR1310G-x-K9 or AIR-BR1310G-x-K9-R). A Cisco Aironet 1300 Series operating in Lightweight Access Point Protocol (LWAPP) mode only operates as an access point. This series does not support LWAPP bridging mode.
  The Autonomous to Lightweight Mode Upgrade Tool supports a process to migrate an autonomous access point from autonomous mode to lightweight mode. Unlike a VxWorks to Cisco IOS Software upgrade, this process is a Cisco IOS Software upgrade to the existing Cisco IOS Software image-not an operating system "swapout". In converted access points operating in lightweight mode, Cisco IOS Software continues to run on the access point, while LWAPP is used to communicate with a wireless LAN controller. Since LWAPP supports automatic access point configuration, there is no need to retain or convert the original autonomous Cisco IOS Software access point configuration.
  http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_white_paper0900aecd804f1a23.shtml
  Cisco Aironet Access Point Support for Lightweight Access Point Protocol
  http://www.cisco.com/en/US/products/ps6521/prod_bulletin0900aecd80321a2c.html
  Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp157147
  Hope this helps!
  Rob

• API for setting Access points with PEAP programmatically

  Dear Godly developers,
  Would like to find out if there is any APIs for setting Access points with PEAP programmatically?
  Regards
  hAoZ

  Thanks for your response. We don't have the Wireless LAN Controller installed and have only configured directly through the AP's, which don't seem to have any configuration changes regarding Aironet IE's. Is there a config change that needs to be made just on the AP's? Or is the Wireless LAN Controller software necessary to make this change?
  Thanks again.

• Rogue Access Point Detected

  I am receiving "Rogue Access Point Detected" on some of my Cisco 1242 Autonomous AP's.  Is there anything I can do to understand if this is a real threat? How can I make any use of these alerts?

  Any access point that is not part of your WLC mobility group will show up as rogues. How you can make use of these reports is within WCS / NCS or the controller you can label the rogues as friendly's if you know about them. Lessens the alerts. You can also run a AP in rogue detector mode whereby allowing the system to determine if the rogue is on your wired.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Mail for Exchange - Access Point question

  Hello,
  When setting up Mail for Exchange, you need to input the Access Point.  I cannot find an option to select "Ask for Access Point" or something along that line.
  I use wireless access points and when I go from one spot to another I have to change my settings just to sync.
  Does anyone know of an option, if not how could I file for a feature request?

  The specific problem can be resolved. How did you hard reset your phone? You should hard reset your phone (some key combination which I cannot remember, press four keys simultaneously). Then format mass memory. Reinstall the firmware. Otherwise let Nokia Care reflash your phone. I had issues with freezes when I hung up a call, but that was resolved when Nokia Care reflashed my phone. 
  My phone is currently broken, so I cannot help you further.
  Erik

• Problem with Cisco 1240AG Access Points

  I have a Cisco 1240AG Access point (P/N ? AIR-LAP1242AG-A-K9).
  It has come in the lightweight mode.
  I just want to know whether I can put it to the autonomous mode.

  Hi Indika,
  Here is a conversion method (look most of the way down the attached doc);
  Reverting the Access Point Back to Autonomous Mode
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
  Using a TFTP Server to Return to a Previous Release
  Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
  Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
  Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
  Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
  Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
  Step 5 Disconnect power from the access point.
  Step 6 Press and hold MODE while you reconnect power to the access point.
  Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
  Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
  Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
  From this doc;
  http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html#wp161272
  Hope this helps!
  Rob

• Need Information For Connecting Access point to WLC 4402

  Hi Friends
  I need Some information for Connecting  my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
  In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
  My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
  I need to Know  what I need to do in AP to connect to the Controller
  Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
  Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with  Controller Ip address ??
  Pls Assist
  Regards
  Safwan

  Hi Scot...
  We tried Connecting the Access Point yesterday, but it failed....
  We are using Cisco 3500 Access point ...
  when we connected , first it automatically got an ip address using DHCP but following error occurred
  P70ca.9bd5.77c6#
  AP70ca.9bd5.77c6#
  AP70ca.9bd5.77c6#
  Not in Bound state.
  *Mar  1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
  *Mar  1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
  d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
  *Mar  1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
  .182.0 on WLC USSTLController01
  *Mar  1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
  .182.0 on WLC USSTLController01
  *Mar  1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
  version 6.0
  .182.0
  version 6.0
  .182.0
  on WLC USSTLController01
  version 6.0
  .182.0
  Then I COnfigured Ap with  Static ip address & default gateway & controller Ip but tht too didnt work...
  .182.0 on WLC USSTLController01
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>
  *Mar  1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
  3750X-48P (e05f.b907.9a20)
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>en
  Password:
  AP70ca.9bd5.77c6#
  *Mar  1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
  . Renewing DHCP IP.
  AP70ca.9bd5.77c6#
  AP70ca.9bd5.77c6#
  AP70ca.9bd5.77c6#
  P70ca.9bd5.77c6>
  *Mar  1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
  3750X-48P (e05f.b907.9a20)
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>
  AP70ca.9bd5.77c6>en
  Password:
  AP70ca.9bd5.77c6#
  *Mar  1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
  . Renewing DHCP IP.
  I also  Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
  Pls Advice How to proceed further

• Question about using "dumb terminals" for multiple access points

  For both home and a small busniess setting I have been trying to find info about the possibility of using some form of dumb terminal to provide multimple acces points to a single computer rather than a network of multiple computers.
  I would like to use my LCD TVs, (which have AV and PC inputs) as monitors. I am going to purchase a new mac soon, and it seems it would make sense to spend more on 1 mac with more capability rather than 5 mac-minis (yes, I am trying to have 5 access points, with one one mac).
  I have CAT5 running to all the locations I want to use, I also have airport.
  For the most part I'm expecting only one user at a time, but occasional two. OS X is multi user, but can it support simultaneous users?
  I have searched the discussions/forums and some google searching. Maybe I'm asking the wrong questions. But, I can't imagine that I am the only person who has thought of this.
  If you have any thoughts or suggesting for further searching I would appreciate it. Thanks

  On each of these 'dumb terminals' I assume you are looking to access the complete Mac desktop from the central Mac?
  Unfortunately, this can't be done.
  In the past, the setup you describe first was used on mainframes where each end node was a dumb terminal. But it was just text.
  Next came X11 which does mostly what you are asking about, but each end node is basically a full computer in itself. You can remotely log into a central server and get a complete desktop session. This would take using a central computer that is running full X-Windows and then you'd need a PC running Linux, or running Windows and a X-Terminal package like Exceed or a Mac with X11 installed (not sure if you can make the Mac X11 do a full-blown desktop X session.) Note that as the central server, you'd need a computer running an OS with full-blown X-Windows (Linux, Solaris, HP-UX, etc.) -- OS X is UNIX but it doesn't run full X-Windows as its window manager.
  Finally, there is what are called 'thin clients' ... a good example is Sun Microsystems' SunRay... it's enough hardware on the client side to provide display, keyboard and mouse. They boot off a central Sun Solaris server and work just like X-Windows clients. The difference here is that the SunRay unit can't work on its own; it has no disk, and has to boot from the SunRay server.
  And of course there's Windows Terminal Services, which lets you do the same thing with Windows. I think that takes Windows Server edition software on the central computer, and then a regular PC as a client.
  Sounds like your only option is to use Mac minis as you suggest. But then there's no need for a central computer to share, obviously.

• AP 1231G: Two listing in Netstumbler for Cisco access point

  Hi
  We are having problems with an Access Point deployed in our infrastructure. An anominally, we are experincing, is our access point shows two listings in netstumbler. One shows the SSID and channel, the other shows the MAC of the lan connection, the host name of the AP and the IP assigned to the AP.
  How do we disable the lan side from showing up? We have twelve deployed and this is the only one showing this anominally.
  thanks you

  Are you associated to that AP by any chance?

• Does Cisco Prime have support for HP Access Points?

  I am trying to sell a solution to a client with dozens of large warehouses with a large existing HP wireless solution.  I want to sell them on a Cisco wireless solution involving Prime to manage/monitor their current HP Access Points while we do a phased replacement to Cisco WLC and APs.
  I cannot find listed in the documentation whether Cisco Prime has support for the HP access points though.  I see it has 'some' support listed for some Aruba controllers, but not anything else.

  I am trying to sell a solution to a client with dozens of large warehouses with a large existing HP wireless solution. I want to sell them on a Cisco wireless solution involving Prime to manage/monitor their current HP Access Points while we do a phased replacement to Cisco WLC and APs.
  Prime will only support products with a "Cisco" logo.  
  Note:  Prime 2.2 will start supporting Meraki product.