Re: Cisco Wireless Rogue Containment

From: Dane Newman <dane.newman_at_gmail.com>
Date: Sat, 8 Aug 2009 22:29:23 -0400

Thanks a lot for the reply.

But if there is security on the AP, such as WPA or WEP, the AP cannot send
deauths, correct? In this case, does it do anything to block the rogue AP?

On Sat, Aug 8, 2009 at 9:40 PM, <Keegan.Holley_at_sungard.com> wrote:

> Haven't touched wireless in a while, so forgive me. I think the first one
> is referring to actually shutting down its own radio interface and then
> connecting again as a client and waiting for other clients to connect to the
> rogue. I wouldn't recommend doing this in an urban environment, as it's a
> pretty good way to DoS the local Hyatt and possibly get sued. :) I'm not
> sure about the second example. I honestly never understood this myself.
> For example, the wired NIC is going to have a different MAC than the
> wireless one, so how is it going to be able to correlate the same client on
> the wired network? I've never tested containment using a client, but I was
> under the impression that it sends the deauth requests fast enough that
> your client can never pass traffic over the bad AP. Maybe your two rogue
> detectors are deauthing each other? The overall point is to keep sending
> deauth requests to clients until they authenticate to a non-rogue AP.
>
> *Cisco Wireless Rogue Containment*
> *Dane Newman * to: Cisco certification 08/08/09 08:01 PM
>
> Sent by: *nobody_at_groupstudy.com*
> *Please respond to Dane Newman*
>
> ------------------------------
>
> Hello Experts.
>
> So I have gotten around to playing with Cisco wireless, and I was curious if
> someone could help me understand how exactly the rogue containment works.
>
> I have found and read through this article
>
> http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
>
>
> I have read this paragraph:
>
> *"RLDP is an active approach, which is used when rogue AP has no
> authentication (Open Authentication) configured. This mode, which is
> disabled by default, instructs an active AP to move to the rogue channel and
> connect to the rogue as a client. During this time, the active AP sends
> deauthentication messages to all connected clients and then shuts down the
> radio interface. Then, it will associate to the rogue AP as a client."*
> I understand that if the rogue is an open access point (no security) the system
> can send deauth packets to clients. How does it exactly shut down the
> radio? What does the last line mean, that it will associate to the rogue AP
> as a client? Does this mean if it comes back up it will associate again?
>
> Also, I have read this below...
>
> *"This approach is used when rogue AP has some form of authentication,
> either WEP or WPA. When a form of authentication is configured on rogue AP,
> the Lightweight AP cannot associate because it does not know the key
> configured on the rogue AP. The process begins with the controller when it
> passes on the list of rogue client MAC addresses to an AP that is configured
> as a rogue detector. The rogue detector scans all connected and configured
> subnets for ARP requests, and ARP searches for a matching Layer 2 address.
> If a match is discovered, the controller notifies the network administrator
> that a rogue is detected on the wired subnet."*
> So when the rogue is secured, I understand that it cannot connect
> wirelessly. From what I am reading (please let me know if I am
> understanding it correctly), access points can be put in rogue detector mode
> and trunked with all VLANs. It then can only notify you that a rogue is
> connected to the wired network? What if the rogue is not connected to your
> wired network? Can anything be done to block the rogue then?
>
> I have a 2106 controller and I am playing with it at the moment. I set it
> up with 2 CAPWAP APs and then set up a rogue AP in my home not connected to
> the wired network. I ran a constant ping before containing it, and it was
> always below 1-2 ms response time. I then contained it using two APs, and
> it started going over 500 ms+ and dropping packets. Maybe it's just my
> imagination, but I would like to know how it's blocking or giving poor
> performance to the rogue. Is it doing anything, or is it just my imagination?
>
> Dane
>
>
> Blogs and organic groups at
> http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
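Added example, not from the thread and not Cisco's code. The containment behaviour discussed above (the controller's APs transmit 802.11 deauthentication frames at the rogue's clients until they leave) is visible on the air: capturing in monitor mode on the rogue's channel shows a burst of deauth/disassoc frames whose transmitter address is the rogue's BSSID, which is what makes a client's ping through the rogue stall the way Dane describes. The script below parses the standard 802.11 management-frame layout (2-byte Frame Control, Duration, Addr1, Addr2, Addr3, Sequence Control, then a 2-byte reason code) and flags any transmitter that sends a flood of such frames inside a one-second window. The capture it runs on is constructed inline; the MAC addresses, the reason codes, the flood threshold and the assumption that any radiotap header has already been stripped are all mine, not the page's.

```python
import struct
from collections import defaultdict

# Fixed part of an 802.11 management-frame header, little-endian:
# Frame Control (2), Duration/ID (2), Addr1 (6), Addr2 (6), Addr3 (6), Sequence Control (2).
# A deauthentication or disassociation body is a single 2-byte reason code.
MGMT_HDR = struct.Struct("<HH6s6s6sH")
TYPE_MGMT = 0
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def parse_deauth(frame):
    """Return the fields of a deauth/disassoc frame, or None for any other frame."""
    if len(frame) < MGMT_HDR.size + 2:
        return None
    fc, _duration, a1, a2, a3, seq_ctl = MGMT_HDR.unpack_from(frame)
    if (fc >> 2) & 0x3 != TYPE_MGMT:          # bits 2-3 of Frame Control: frame type
        return None
    subtype = (fc >> 4) & 0xF                 # bits 4-7: subtype
    if subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    (reason,) = struct.unpack_from("<H", frame, MGMT_HDR.size)
    return {
        "kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
        "dst": mac_str(a1),        # receiver: the client, or broadcast
        "src": mac_str(a2),        # transmitter address as claimed in the frame
        "bssid": mac_str(a3),
        "seq": seq_ctl >> 4,       # 12-bit sequence number; fragment number is the low 4 bits
        "reason": reason,
    }


def find_deauth_floods(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, raw_frame).
    Returns per-transmitter stats and flags any transmitter that sends at least
    `threshold` deauth/disassoc frames inside one `window` (threshold is an assumed value)."""
    per_src = defaultdict(lambda: {"times": [], "targets": set(), "reasons": set()})
    for ts, frame in capture:
        info = parse_deauth(frame)
        if info is None:
            continue
        entry = per_src[info["src"]]
        entry["times"].append(ts)
        entry["targets"].add(info["dst"])
        entry["reasons"].add(info["reason"])
    report = {}
    for src, entry in per_src.items():
        times = sorted(entry["times"])
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[src] = {
            "frames": len(times),
            "peak_in_window": peak,
            "broadcast": BROADCAST in entry["targets"],
            "targets": sorted(entry["targets"]),
            "reasons": sorted(entry["reasons"]),
            "flood": peak >= threshold,
        }
    return report


def build_deauth(dst, src, bssid, reason, seq, subtype=SUBTYPE_DEAUTH):
    """Build a deauth/disassoc frame. Used here only to construct sample input."""
    fc = (subtype << 4) | (TYPE_MGMT << 2)
    header = MGMT_HDR.pack(fc, 0, mac_bytes(dst), mac_bytes(src), mac_bytes(bssid), seq << 4)
    return header + struct.pack("<H", reason)


def sample_capture():
    """Constructed capture (not a real trace): a containment-style burst of deauths carrying
    the rogue's BSSID as transmitter, plus one ordinary deauth from a client leaving its own AP.
    All addresses are hypothetical, locally administered MACs."""
    rogue, client = "02:11:22:33:44:55", "02:aa:bb:cc:dd:ee"
    home_ap, laptop = "02:66:77:88:99:00", "02:12:34:56:78:9a"
    frames = []
    for i in range(30):                                   # 30 frames in 0.6 s
        dst = BROADCAST if i % 2 == 0 else client
        frames.append((10.0 + i * 0.02, build_deauth(dst, rogue, rogue, 7, 100 + i)))
    # reason 3 = "station is leaving"; a single frame, which is normal traffic
    frames.append((12.5, build_deauth(home_ap, laptop, home_ap, 3, 2001)))
    return frames


if __name__ == "__main__":
    for src, stats in find_deauth_floods(sample_capture()).items():
        print(src, stats)
```

On a real capture the timestamps and frames come from a monitor-mode interface on the rogue's channel with the radiotap header removed before the bytes reach `parse_deauth`. One caveat a practitioner should keep in mind: a client that negotiated 802.11w (protected management frames) with its AP discards unprotected deauth/disassoc frames, so a flood this script flags will not necessarily disconnect such a client.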
Received on Sat Aug 08 2009 - 22:29:23 ART

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:56 ART