Hello,
I would be very careful in playing around with Rogue Containment, be
sure you are sure of the AP you want to contain. Otherwise there could
be legality issues with this. The IOS used to warn you before you
contain a rogue, maybe it still does. If you need additional help
please feel free to contact me offline.
Sincerely,
John
On Sat, Aug 8, 2009 at 7:57 PM, Dane Newman<dane.newman_at_gmail.com> wrote:
> Hello Experts.
>
> So I have gotten around to playing with Cisco wireless and I was curious if
> someone could help me understand how exactly the rogue containment works.
>
> I have found and read through this article
> http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
>
> I have read this paragraph
>
> *"RLDP is an active approach, which is used when rogue AP has no
> authentication (Open Authentication) configured. This mode, which is
> disabled by default, instructs an active AP to move to the rogue channel and
> connect to the rogue as a client. During this time, the active AP sends
> deauthentication messages to all connected clients and then shuts down the
> radio interface. Then, it will associate to the rogue AP as a client."*
> I understand if the rogue is an open access point (no security) the system
> can send deauth packets to clients. How does it exactly shut down the
> radio? What does the last line mean, then it will associate to the rogue AP
> as a client? Does this mean if it comes back up it will associate again?
>
> Also I have read this below...
>
> *"This approach is used when rogue AP has some form of authentication,
> either WEP or WPA. When a form of authentication is configured on rogue AP,
> the Lightweight AP cannot associate because it does not know the key
> configured on the rogue AP. The process begins with the controller when it
> passes on the list of rogue client MAC addresses to an AP that is configured
> as a rogue detector. The rogue detector scans all connected and configured
> subnets for ARP requests, and ARP searches for a matching Layer 2 address.
> If a match is discovered, the controller notifies the network administrator
> that a rogue is detected on the wired subnet."*
> So when the rogue is secured I understand that it cannot connect
> wirelessly. From what I am reading (please let me know if I am
> understanding it correctly) access points can be put in rogue detector mode
> and trunked with all vlans. It then can only notify you that a rogue is
> connected to the wired network? What if the rogue is not connected to your
> wired network? Can anything be done to block the rogue then?
>
> I have a 2106 controller and I am playing with it at the moment. I set it
> up with 2 CAPWAP APs and then set up a rogue AP in my home not connected to
> the wired network. I ran a constant ping before containing it and it was
> always below 1-2 ms response time. I then contained it using two APs and
> it started going over 500 ms+ and dropping packets. Maybe it's just my
> imagination, but I would like to know how it's blocking or giving poor
> performance to the rogue? Is it doing anything or is it just my imagination?
>
> Dane
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
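The wired-side correlation that the quoted "rogue detector" paragraph describes, written out as an added example (not Cisco code, not from either poster): the controller hands the detector a list of rogue client MACs, the detector watches ARP on every trunked VLAN, and any sender or target hardware address that matches is reported with the VLAN it was seen on. The log line format and all MAC addresses are constructed; the only real-world detail it leans on is that the controller may list MACs in Cisco dotted notation while a capture uses colons, so normalization decides whether a match is found.

```python
"""Wired-side rogue correlation (rogue-detector logic), added example with constructed data."""
import re
from dataclasses import dataclass

# aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, or Cisco-style aabb.ccdd.eeff
_MAC_RE = re.compile(r"[0-9a-fA-F]{2}([:-][0-9a-fA-F]{2}){5}|[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}")


def normalize_mac(mac: str) -> str:
    """Return the lowercase colon-separated form so MACs from different sources compare equal."""
    if not _MAC_RE.fullmatch(mac.strip()):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class ArpSeen:
    vlan: int
    sender_mac: str
    sender_ip: str
    target_mac: str


def parse_arp_line(line: str) -> ArpSeen:
    """Parse one constructed detector log line: 'vlan=10 op=request sha=... spa=... tha=...'."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return ArpSeen(int(fields["vlan"]), normalize_mac(fields["sha"]),
                   fields["spa"], normalize_mac(fields["tha"]))


def find_rogues_on_wire(rogue_client_macs, arp_lines):
    """Return {rogue_mac: sorted VLANs} for every rogue client MAC seen in wired ARP traffic."""
    wanted = {normalize_mac(m) for m in rogue_client_macs}
    hits: dict[str, set[int]] = {}
    for line in arp_lines:
        seen = parse_arp_line(line)
        for mac in (seen.sender_mac, seen.target_mac):
            if mac in wanted:
                hits.setdefault(mac, set()).add(seen.vlan)
    return {mac: sorted(v) for mac, v in hits.items()}


# Constructed data: the controller's rogue-client list in dotted notation, the
# detector's ARP log in colon notation. Only the first rogue client is on the wire.
ROGUE_CLIENTS = ["0011.2233.4455", "00aa.bbcc.ddee"]
ARP_LOG = [
    "vlan=10 op=request sha=00:11:22:33:44:55 spa=10.0.10.7 tha=00:00:00:00:00:00",
    "vlan=20 op=reply sha=00:de:ad:be:ef:01 spa=10.0.20.1 tha=00:11:22:33:44:55",
    "vlan=30 op=request sha=00:55:66:77:88:99 spa=10.0.30.5 tha=00:00:00:00:00:00",
]

if __name__ == "__main__":
    for mac, vlans in find_rogues_on_wire(ROGUE_CLIENTS, ARP_LOG).items():
        print(f"rogue client {mac} is on the wired network, VLAN(s) {vlans}")
```

A rogue that never touches the wire produces no ARP on any trunked VLAN, which is exactly why this mode can only say "the rogue is connected to the wired network" and nothing about an AP that is purely over-the-air.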
Received on Sat Aug 08 2009 - 21:36:26 ART