Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Managing Rogue Devices
Step 2 To specify the number of seconds after which the rogue access point and client entries expire and are
removed from the list, enter this command:
config rogue ap timeout seconds
The valid range for the seconds parameter is 240 to 3600 seconds (inclusive), and the default value is
1200 seconds.
Note If a rogue access point or client entry times out, it is removed from the controller only if its rogue
state is Alert or Threat for any classification type.
Step 3 To enable or disable ad-hoc rogue detection and reporting, enter this command:
config rogue adhoc {enable | disable}
Step 4 To enable or disable use of the AAA server or local database to validate whether rogue clients are
valid clients, enter this command:
config rogue client aaa {enable | disable}
Step 5 If you want the controller to automatically contain certain rogue devices, enter these commands.
Caution When you enter any of these commands, the following warning appears: “Using this feature may have
legal consequences. Do you want to continue?” The 2.4- and 5-GHz frequencies in the Industrial,
Scientific, and Medical (ISM) band are open to the public and can be used without a license. As such,
containing devices on another party’s network could have legal consequences.
• config rogue ap rldp enable auto-contain—Automatically contains rogues that are detected on the
wired network.
• config rogue ap ssid auto-contain—Automatically contains rogues that are advertising your
network’s SSID.
Note If you want the controller to only generate an alarm when such a rogue is detected, enter this
command: config rogue ap ssid alarm.
• config rogue ap valid-client auto-contain—Automatically contains a rogue access point to which
trusted clients are associated.
Note If you want the controller to only generate an alarm when such a rogue is detected, enter this
command: config rogue ap valid-client alarm.
• config rogue adhoc auto-contain—Automatically contains ad-hoc networks detected by the
controller.
Note If you want the controller to only generate an alarm when such a network is detected, enter
this command: config rogue adhoc alert.
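The rules in Steps 2 through 5 can be checked against a planned change script before it is entered on a controller. The Python below is an added example, not Cisco's code: the review function and the sample script are constructed for illustration, and it uses only the commands and the 240 to 3600 range stated above.

```python
import re

# Auto-contain commands from Step 5, mapped to the alarm-only command the
# guide gives for the same condition (None: this page lists no counterpart).
AUTO_CONTAIN = {
    "config rogue ap rldp enable auto-contain": None,
    "config rogue ap ssid auto-contain": "config rogue ap ssid alarm",
    "config rogue ap valid-client auto-contain": "config rogue ap valid-client alarm",
    "config rogue adhoc auto-contain": "config rogue adhoc alert",
}
ALARM_ONLY = {alt for alt in AUTO_CONTAIN.values() if alt}
TIMEOUT_RE = re.compile(r"^config rogue ap timeout (\S+)$")
TOGGLE_RE = re.compile(r"^config rogue (adhoc|client aaa) (\S+)$")


def review(lines):
    """Return (line_no, severity, message) findings for a planned change script."""
    findings = []
    for no, raw in enumerate(lines, start=1):
        cmd = " ".join(raw.split())  # normalise whitespace
        if not cmd or cmd in ALARM_ONLY:
            continue  # blank line, or an alarm-only command: nothing to flag
        if cmd in AUTO_CONTAIN:
            alt = AUTO_CONTAIN[cmd]
            hint = f"; alarm-only alternative: {alt}" if alt else ""
            findings.append((no, "REVIEW", f"auto-contain, legal warning applies{hint}"))
            continue
        m = TIMEOUT_RE.match(cmd)
        if m:
            value = m.group(1)
            if not value.isdecimal() or not 240 <= int(value) <= 3600:
                findings.append((no, "ERROR", f"timeout {value!r} outside 240-3600 seconds"))
            continue
        m = TOGGLE_RE.match(cmd)
        if m and m.group(2) not in ("enable", "disable"):
            findings.append((no, "ERROR", f"expected enable or disable, got {m.group(2)!r}"))
    return findings


# Constructed sample change script (not taken from a real controller).
SAMPLE = [
    "config rogue ap timeout 120",
    "config rogue adhoc enable",
    "config rogue client aaa on",
    "config rogue ap ssid auto-contain",
    "config rogue ap rldp enable auto-contain",
]
```

Calling review(SAMPLE) flags lines 1 and 3 as errors and lines 4 and 5 for review, with the alarm-only alternative named for line 4.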