Rogue Access Points

Similar Messages

• Pinpoint Rogue Access Points

  All,
  Does anyone know of a way to pinpoint rogue access points be it equipment or software?  Everything I can find so far gets you close but dies not exactly pointpoint the location.
  Thanks in advance!  All replies rated

  WCS along with controllers and a location appliance and properly placed APs can do a very good job placing rogues, clients and tags on maps for location.
  As a start you will want to take a look at the deployment guide for the MSE:
  http://www.cisco.com/en/US/products/ps9742/products_tech_note09186a00809d1529.shtml
  The information in this guide will give a good jumping off point for locating devices using WCS and Location.
  Chapters 5 and 6 of the WCS Configuration Guide also have valuable information:
  http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/WCS60cg.html

• Rogue Access Point Detected

  I am receiving "Rogue Access Point Detected" on some of my Cisco 1242 Autonomous AP's.  Is there anything I can do to understand if this is a real threat? How can I make any use of these alerts?

  Any access point that is not part of your WLC mobility group will show up as rogues. How you can make use of these reports is within WCS / NCS or the controller you can label the rogues as friendly's if you know about them. Lessens the alerts. You can also run a AP in rogue detector mode whereby allowing the system to determine if the rogue is on your wired.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Problems probing for rogue access points

  Hello,
  I have a situation where I am trying to locate a rogue AP in one of my office buildings. When I bring a laptop over there with NetStumbler or Inssider, I get no response from any access points or clients. Its like that throughout the entire building. However when I leave the building, the AP start to come up but I cant get near them.
  I have another build that we have as well and the probing works just fine. Would there be a controller template or access point template that would be causing this problem?
  Here is what I am running:
  Cisco 4400 controller with firmware 4.2.130.0
  Cisco 4400 controller with firmware 5.0.148.0
  Cisco WCS 5.1.64.0
  The access points that are connected to the controller with a firmware of 4.2.130.0 is the one that seems to be stopping my attempts with probing. So far my searching for causes has not turned up anything=(
  Any help would be greatly appreciative.

  What are you seeing in the logs? Are the two controllers being used as primary and secondary? You should keep the code the same, just in case ap's move to the other controller?
  When you see a rouge ap, it will also state which ap's are hearing that rouge ap and the signal strength. If you see it -86db or worse, then it is outside of your building most likely.

• Access Point Modes

  Dear Folks,
  As I have noticed multiple modes in a LWAPP, which is Monitor , Access Point, Sniffer etc. Could you please provide what all functions does it provide than an Access Point?
  Regards,
  Siddarth

  Hi Siddarth,
  Q. What are the different modes in which a lightweight access point (LAP) can operate?
  A. An LAP can operate in any of these modes:
  Local mode-This is the default mode of operation. When an LAP is placed into local mode, the AP spends 60 milliseconds on channels that it does not operate on every 180 seconds. During this time, the AP performs noise floor measurements, measures interference, and scans for IDS events.
  REAP mode-REAP mode enables an LAP to reside across a WAN link and still be able to communicate with the WLC and provide the functionality of a regular LAP. Currently, REAP mode is supported only on the 1030 LAPs. This functionality is included on a broader range of LAPs in the future.
  Monitor mode-Monitor mode is a feature designed to allow specified LWAPP-enabled APs to exclude themselves from handling data traffic between clients and the infrastructure. They instead act as dedicated sensors for location based services (LBS), rogue access point detection, and intrusion detection (IDS). When APs are in Monitor mode they cannot serve clients and continuously cycle through all configured channels listening to each channel for approximately 60 ms.
  Note: From the controller release 5.0, LWAPPs can also be configured in Location Optimized Monitor Mode (LOMM), which optimizes the monitoring and location calculation of RFID tags. For more information on this mode, refer to Cisco Unified Wireless Network Software Release 5.0.
  Note: With controller release 5.2, the Location Optimized Monitor Mode (LOMM) section has been renamed Tracking Optimization, and the LOMM Enabled drop-down box has been renamed Enable Tracking Optimization.
  Note: For more information on how to configure Tracking Optimization, read the Optimizing RFID Tracking on Access Points section.
  Rogue detector mode-LAPs that operate in Rogue Detector mode monitor the rogue APs. They do not transmit or contain rogue APs. The idea is that the rogue detector should be able to see all the VLANs in the network since rogue APs can be connected to any of the VLANs in the network (thus we connect it to a trunk port). The switch sends all the rogue AP/Client MAC address lists to the Rogue Detector (RD). The RD then forwards those up to the WLC in order to compare with the MACs of clients that the WLC APs have heard over the air. If MACs match, then the WLC knows the rogue AP to which those clients are connected is on the wired network.
  Sniffer mode-An LWAPP that operates in Sniffer mode functions as a sniffer and captures and forwards all the packets on a particular channel to a remote machine that runs Airopeek. These packets contain information on timestamp, signal strength, packet size and so on. The Sniffer feature can be enabled only if you run Airopeek, which is a third-party network analyzer software that supports decoding of data packets.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml
  Hope this helps!
  Rob

• Mac-adress list of manufacturers only for access points

  hello,
  i'm going to look for forbidden access points at the ports of huge network. is there any document that can show me whether a mac adress is an access point or not ?

  If you want to do rogue access point detection then you have a few options:
  1. Scan suspected ranges for port 80 servers as almost every access point has web-based configuration.
  2. Cisco has provided a list of vendor mac address who make Access Points.
  This list is found in their
  "SAFE: Wireless LAN Security in Depth - version 2"
  whitepaper
  Check the link
  "http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a008009c8b3.shtml"
  The list is at the very bottom of the whitepaper
  "Table C-7 MAC OUIs Used by Access Point Vendors"
  "Table C-7 provides a partial list of MAC OUIs used by access point vendors. This table was obtained from the aptools site at aptools.sourceforge.net."

• Installing a Linksys Access Point using a Mac

  I apologize for this topic being irrelevant to AirPort, but I am hoping someone can help...
  I am a University student and trying to help my friend who lives in a dorm. At school there is a high speed local network and internet connection (I'm guessing massive amounts of T1s or T3s)... Left behind by a previous roommate is a Linksys WAP54G v2.0 which is a wireless access point NOT a router...I am told that it used to work, but one day stopped...
  I have already reset the WAP (as they call it not to be confused with cell phone browsers)...now the name displays the default "linksys" title. I plug it in to the ethernet jack and "You are not connected to the internet" according to Safari...
  my question is... how do you access the settings for the WAP.... on MY DSL modem and gateway, for example i type in 192.168.0.1 and I have also set this up with Mac OS X for a gaming adapter but i simply cannot figure out the IP address for this router and the Network Preferences to use when I plug the Linksys WAP into my computer. (I tried the default suggestion in my browser 192.168.1.245 but no luck, do I need to enter this in the Network panel of my System Prefs?)
  I do not have the original setup and install CD available, and if I did, we only use Mac OS X... so does anyone have any ideas? Also... is it even possible to use a "Wireless Access Point" as opposed to a Router on a University campus (High speed LAN connected to WAN)? I don't know how it works with the DHCP... I would like for 3 people to be able to use this access point simultaneously.
  Thank you for any help in advance!

  Linksys WAP54G v2.0 which is a wireless access point NOT a
  router...I am told that it used to work, but one day
  stopped...
  It may be dead so this may be futile...
  From the Linksys product page it doesn't seem to support web configuration and the only way is with their PC utility. That means if you don't have VirtualPC you will need a PC.
  I have already reset the WAP (as they call it not to
  be confused with cell phone browsers)...now the name
  displays the default "linksys" title. I plug it in to
  the ethernet jack and "You are not connected to the
  internet" according to Safari...
  The WAP will need to get an IP from the campus DHCP bridged to your laptop and they probably changed the system to not allow wireless bridges. Does the laptop work when plugged into the dorm jack with ethernet? Did you have to register the MAC address? Can you register the MAC address of the wireless card instead of the ethernet?
  is it even
  possible to use a "Wireless Access Point" as opposed
  to a Router on a University campus (High speed LAN
  connected to WAN)?
  It all depends on their policy. Have you asked them?
  I don't know how it works with the
  DHCP... I would like for 3 people to be able to use
  this access point simultaneously.
  Usually they allow one MAC address per ethernet jack and keep control of it so you can't share it! Depending on their sophistication they may also detect rogue access points. If not you might be able to use a wireless router like an Airport Express. Ask them. There may be a hackers way around but that answer won't be found here.

• Rogue BT FON/BTOpenWorld access points

  Hello. I've just opted into the BT FON community and I'm just a little concerned about using BT FON or BT Openworld Wifi access points, as I can't be sure if they are legitimate BT points, or just an open wifi with that name to harvest email account passwords, etc...-
  Is there anything I can do to check on the validity of the BT FON wifi access point? Or will the BT FON app do this for me? I'm using the iPhone app FYI
  Thanks, Chris .
  Solved!
  Go to Solution.

  christatedavies wrote:
  Thanks Ian.
  So I'm guessing I just have to "hope" its not a dodgy one then? No way of really knowing is there?
  Not really.
  Don't think the Cisco VPN will work on my iPhone though...
  Following the links leads to a download page that says:
  ---x---
  Apple iOS systems (iPhone, iPod Touch or iPad)
  This free VPN configuration profile works with devices operating systems using Apple iOS 3.0 or greater
  ---x---
  I know pretty much nothing about iStuff, but that looks to me as though it might work.

• Help me find the required Wireless Access point

  Dear Friends,
  I am in search of a access point with below specification, so please let me know that which model has this functionalities.
  . Wireless Access Point:
  * No of port should be 10Base-T/100Base-TX Ethernet
  * Standard should be IEEE 802.11g, IEEE802.11b, IEEE 802.3, IEEE 802.3u, IEEE 802.3af(PoE), 802.1q(VLAN) , 802.1X(Security authentication), 802.11i ready (Security WPA2), 802.11e ready (wireless QoS), 802.11F(Wireless roaming)
  * LEDs should be power, PoE, Wireless, Ethernet
  * Web Management should be built-in web user interface for easy browser-based configuration (HTTP/HTTPS)
  * SNMP Support should be SNMP version 1, 2c, 3
  * Operation modes should be access point made, point to point bridge mode, point to point multipoint bridge mode, repeater mode
  * External antennas should be 2 (omni directional) SMA detachable
  * Security should be WEP 64-bit/128-bit, WPA-PSK, WPA2-PSK, WPA-ENT, WPA2-ENT
  * Access Control should be wireless connection control: MAC-based
  * Wireless Security monitor should be Intrusion alarms(e.g. rogue client detected, spoofed MAC address) Denial-of-service alarms (e.g. duration attack, association table full) vulnerability alarms (e.g. access point is not using encryption, access point is broadcasting SSID)
  * Power should be 12V 1A DC input, and IEEE 802.3af compliant PoE. Maximum power draw should be 3.36W

  Hello Shekib,
  All you did was describe the WAP200.
  It fully fits in your description.
  Please check it and see with your eyes.
  http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10047/ps10048/data_sheet_c78-501966.html
  I hope i helped you.
  Regards.
  Andrey Cassemiro.

• How can we disable the OSX Access Point functionality without disabling all wifi.

  Curious if anyone knows a way in Lion/Mountain Lion to disable the OSX access point features.
  i have about 50+ macs in our company for iOS development. lately we've had a lot of rogue AP's showing up, people bridging the internal network by activating the "become a hotspot" feature in OSX. this is a *GREAT* feature, don't get me wrong. especially the latency and ease of use.. but in our case its causing problems, and i'm looking at a way to disable the AP features without disabling ALL wifi with something like.
  /usr/sbin/networksetup -setairportpower en1 off
  this is a bit too much ,it disables the entire airport/wifi. we want to only disable the access point capabilities.
  any hardcore guru's out there have some advise?
  TIA!

  Enabling sharing services requires administrative access, so one option is to set this and only give folks standard "managed" access. The Internet Sharing service is a process called "InternetSharing" that runs as the root user and establishes all the appropriate services for the needed connection. You could technically remove or even rename this process on systems to prevent it from being used, or remove or disable its launch daemon. These files are in the following directories:
  /System/Library/LaunchDaemons/com.apple.InternetSharing.plist
  /usr/libexec/InternetSharing

• How many clients support access points 1602, 2602, 3602?

  Hi! How many clients support access point 1602, 2602, 3602. I have found for example that the 1602 supports 32 ClientLink clients and max 128 clients, APs 2602, 3602 supports 128 ClientLink clients and max 200 clients. But is it really? And can we say for example that the AP 2602 will withstand max 200 clients?

  The reason the answer varies so much, is because there are so many variables (this is also why the value ranges so much from one manufacture to the next).  When determining the answer you are looking for you need to consider the following factors and likely more:
  AP model and the features it supports
  single, dual, or tri radio AP
  20, 40, or 80Mhz wide channels
  Device type (b/g, b/g/n, a/b/g/n, a/b/g/n/ac, spatial stream support, and channel width support)
  Security/QOS method(s) employed
  Average distance from the AP
  Obstructions between devices and radios
  Number of competing radios for the same channel
  Data rates configuration
  Rogue detection/mitigation configuration
  Surrounding client density not just the area of concern client density
  Noise floor levels
  Application types/per user network load (is it heavy like YouTube traffic or a drone on the network like Pandora)
  Network latency on the switching side - including the internet circuit
  Application of per SSID, per user, and or per application rate limiting
  The list continues, but I think you get the idea
  I have personally seen 80 devices on a 5Ghz radio of a 3500 access point with several other access points and at least 200 other clients in the area and it was working well.  That being said I would never design to expect that many on a single radio, but I think it is better said that you can safely design for 20-30 clients per 2.4Ghz radio and 25-40 clients per 5Ghz radio.
  The default statement of 20-25 per AP and similar low expectation statements concerning Cisco wireless have been around for many years.  It is now 2014.  About 65% of clients support 5Ghz, ~9% support AC (already), ~90% support some form of N, and ~0.01% support B only.  The landscape of wireless is changing fast making questions like this one have ever changing answers.
  I hope this helps :).
  John

• Unable to stop the event logs on access point console

  Hi team,
  I have an AIR-LAP1131AG-E-K9 access point having ios c1130-k9w8-mx.124-21a.JHB1.
  When I am trying to take the console of it there are many logs generated like LWAPP ...Go join the controller, Discover controller etc. and the ap is unable to register to the controller(2112 with ios version 6.0.199.4). I'm trying to enter the command but there are many event msg generated....How do i stop this event log. I tried entering the command no debug all. but still there are many logs...
  I want to enter the the following commands
  #lwapp ap  ip address <ip addr>.
  #lwapp a pip default-gateway <gateway ip addr>
  #lwapp ap controller ip addr <controller ip>
  #wr me
  Revert me back on urgent basis
  Thanks in advance..

  Thanks Rashika,
  Now the access point got registered to the controller..This happened becuse of country Code..
  I have changed the country code to UK, Belgium it started working fine.
  Initially when it was IN the access point was not getting register..
  But now the problem which arised is that the user is unable to get authenticated to the radius server.
  Radius server is reachable and we have done every changes required for radius server authentication.
  Users are getting rejected.
  Customer is saying that the radius server is in IN domain and the WLC/access point is in UK,BE and hence the users are unable to connect..
  Is it so??
  Rply
  Thanks in advance...

• How do I make my AirPort Extreme a access point?

  I just bought a Time Capsule and now I want to extend my range of my network.  How do I make my AE an access point?

  In this case, you will want to configure both base stations in an extended network.
  Dynamic WDS - Extending a Wireless Network Setup
  If practical, place the base stations in near proximity to each other during the setup phase. Once done, move them to their desired locations.
  Open AirPort Utility, and then, select the base station that will connect to the Internet.
  Choose Manual Setup from the Base Station menu, or double-click the base station to open the configuration in a separate window. Enter the base station password if necessary.
  Click AirPort in the toolbar, and then, click Wireless.
  Choose “Create a wireless network” from the Wireless Mode pop-up menu, and then, select the “Allow this network to be extended” checkbox.
  Next, select the base station that will extend this network, and then, choose Manual Setup from the Base Station menu, or double-click the base station to open its configuration in a separate window. Enter the base station password if necessary.
  Choose “Extend a wireless network” from the Wireless Mode pop-up menu, and then, choose the network you want to extend from the Network Name pop-up menu.
  Enter the base station network and base station password if necessary.
  Click Update to update the base station with new network settings.
  (ref: Pages 43-44 of Apple AirPort Networks.)

• How do I configure my AirPort Extreme as a wireless access point?  My cable modem goes to a router, and one of those ports goes to my AirPortExtreme.

  I am about to hook up my airport extreme.  My cable modem goes into a router, and one of those ports will supply my airport extreme.  I was told by the Apple Store that I would need to configure my airport extreme as a wirreless access point.  How do I do this?

  With sbcgobal I got a Gateway 2wire modem. What I would like to know is how do I set up my APE as remote?
  Unfortunately, you won't be able to do this as few non-AirPort routers will work with AirPorts in a Wireless Distribution System (WDS).

• Can't HP Officejet pro 8100 do wifi access point?

  Yesterday my HP Officejet pro 8100 arrived and I try to connect via wifi. I thinked that It need a infrastructure access point to print via wifi.
  When I powered on the printer I osserved that It create an access point autonomously with SSID: HP-Setup-7A-Officejet Pro, with IPv4 address server, etc...
  I was very happy and I printed a page with my smartphone samsung s4 connected directly with printer access point (not wifi direct but standard wifi).
  Today no changed occurred but I can't use printer with its own access point, but only with an external wifi access point.
  Someone can help me, please? It could be an hardware problem?
  Thanks,
  Luca
  P.S. in web server I checked that "access point connectivity" (Punto di accesso wireless connettività in Italian) is checked.
  This question was solved.
  View Solution.

  Hello lucait
  To print via WiFi you need to have a wireless router setup. Once you have the wireless router setup correctly you will have a SSID and Wepkey that will enable you to add devices to your network. The network will allow all your devices to communicate not just with each other but with the internet. At the moment your printer was not put in a network so instead of broadcasting on a network it is broadcasting on it's own network called HP-Setup-7A-Officejet Pro which is only good for a short period of time to allow you to setup your wireless. I am going to assume you have a wireless network and you are just needing assistance getting the printer setup on that network.
  To set your printer up on a network you will need to reset your network defaults so your printer begins to broadcast that HP-Setup-7A-Officejet Pro network again. You can do this buy following the steps on the HP Support document Resetting the Network Settings. Once you have done this you can begin to install the software that came with your printer on your computer. You want to set the printer up wirelessly when the option arrives. The software should configure your printers wireless for you and put it on the network. Once completed you should be able to access your printer from all your devices as long as they are on the network. 
  I hope this helps resolve your wireless issue. Thank you for posting on the HP Forums. Have a great day! 
  Please click the "Thumbs Up" on the bottom right of this post to say thank you if you appreciate the support I provide!
  Also be sure to mark my post as “Accept as Solution" if you feel my post solved your issue, it will help others who face the same challenge find the same solution.
  Dunidar
  I work on behalf of HP
  Find out a bit more about me by checking out my profile!
  "Customers don’t expect you to be perfect. They do expect you to fix things when they go wrong." ~ Donald Porter