smigma8
1 post

Good Evening! I am new to this site and this is my first post, so please bear with me... I am looking for some assistance combatting Rogue Access Points in our corporate environment... Our environment is completely Cisco. We are running in a L3/L2 configuration with Cisco 3750s (Core Switches/L3 Routers) and 2960s (Edge Switches). We are also using Cisco 1200 Series APs... The problem I am having is we have had some instances recently where users are bringing in rogue APs (Linksys, Netgear, etc.) and connecting to our Local LAN to provide their own WLAN solution... This of course is against Corporate Policy. Is there a way to prevent these types of rogue devices from being placed on the network? Also, if they are placed on the network, is there a way to keep them from working? In doing some research it looks like this may be able to be achieved using Port Security? We do not currently have Port Security deployed and I am not sure if this is the best option or not... We have over 400 wired users on this network with an additional 200 wireless clients, and 150 Voice Clients across 7 VLANs... Is there a better way or any "Best Practices"? Thank you in advance for any assistance you can provide!

scarface
23 posts

Well, port security would be the best solution. Use the mac-address sticky and maximum 1 commands. The mac-address of the host that is right now connected will be pasted on the port. If a user connects an AP or similar network device, the port will be shut down by default. You can use the restrict command too, if you want. You should use DHCP snooping too, so that a user cannot bring up a DHCP server. You should just trust the port where the legitimate DHCP server is connected and the ports where another switch is connected (trunks).

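As an added, constructed example (not posted by anyone in this thread and not Cisco's own documentation), this is the 2960 edge-switch configuration that the advice above maps to: sticky port security with a maximum of one MAC on the access ports and DHCP snooping that trusts only the trunk towards the 3750 core. Interface names, VLAN numbers (10 data, 150 voice) and the uplink port are assumptions chosen for illustration.

```cisco
! --- Edge access port: learn the first MAC seen, bind it to the port, ---
! --- and err-disable the port if any other source MAC appears.       ---
interface GigabitEthernet1/0/1
 description User access port (assumed name)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 150
 switchport port-security
 ! one MAC on the data VLAN and one on the voice VLAN, so a PC behind
 ! an IP phone still works but a second data-side device does not
 switchport port-security maximum 1 vlan access
 switchport port-security maximum 1 vlan voice
 switchport port-security mac-address sticky
 ! "shutdown" is the default; "restrict" drops offending frames and
 ! logs/SNMP-traps instead of disabling the port
 switchport port-security violation shutdown
 spanning-tree portfast
!
! --- Bring err-disabled ports back automatically after 5 minutes so the ---
! --- helpdesk is not the recovery path for every violation.            ---
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! --- DHCP snooping: drop DHCP server replies (OFFER/ACK) arriving on any ---
! --- untrusted port, which stops a rogue AP acting as a DHCP server.    ---
ip dhcp snooping
ip dhcp snooping vlan 10,150
! the switch inserts option 82 by default; a relay on the 3750 that is not
! configured to trust it will discard those requests, so turn it off unless
! the relay is set up for option 82
no ip dhcp snooping information option
!
! --- Only the trunk to the core (where the real DHCP server is reached) ---
! --- is trusted. Every other port stays untrusted.                      ---
interface GigabitEthernet1/0/48
 description Uplink to 3750 core (assumed)
 switchport mode trunk
 ip dhcp snooping trust
```

After deployment, `show port-security interface GigabitEthernet1/0/1` shows the learned sticky address and the violation count, `show port-security address` lists every secured MAC, and `show ip dhcp snooping binding` shows which MAC/IP pairs obtained leases through trusted ports. Sticky addresses are written only into the running configuration, so save with `copy running-config startup-config` once the legitimate hosts have been learned, otherwise a reload starts learning again from whatever is plugged in. Port security keys on the first MAC a port sees, so audit newly patched ports before enabling sticky learning, and pair it with the wireless-side rogue detection described in the other replies for coverage of devices that present a single MAC to the switch.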
pierky
2 posts

Hi David, AFAIK both autonomous APs and LWAPP-based APs support rogue AP discovery. LWAPs use Cisco Wireless LAN Controller (WLC) Rogue Detection while autonomous APs use CiscoWorks Wireless LAN Solution Engine (WLSE). In short, they make a radio environment survey, detect rogue APs and then report to the controller/engine. Bye

jamdatadude
7 posts

Additionally, you can use RLDP to verify that the rogue AP is connected to your network and send disassociation signals to it to prevent clients from connecting to the access point. This only works with open networks to my knowledge.

ppinto
8 posts

The Cisco Appliance WLAN controller can do a report. In my work I use Enterasys Appliance RBT-8400 and 1002 APs. The reports are very complete.