10-14
Cisco Wireless LAN Controller Configuration Guide
OL-1926-06OL-9141-03
Chapter 10 Configuring Radio Resource ManagementWireless Device Access
Enabling Rogue Access Point Detection
Step 8 Choose AP Authentication from the Protection Type drop-down box to enable rogue access point
detection.
Step 9 Enter a number in the Alarm Trigger Threshold edit box to specify when a rogue access point alarm is
generated. An alarm occurs when the threshold value (which specifies the number of access point frames
with an invalid authentication IE) is met or exceeded within the detection period.
Note The valid threshold range is from1 to 255, and the default threshold value is 1. To avoid false
alarms, you may want to set the threshold to a higher value.
Step 10 Click Apply to commit your changes.
Step 11 Click Save Configuration to save your changes.
Step 12 Repeat this procedure on every controller in the RF group.
Note If rogue access point detection is not enabled on every controller in the RF group, the access
points on the controllers with this feature disabled are reported as rogues.
Using the CLI to Enable Rogue Access Point Detection
Follow these steps to enable rogue access point detection using the CLI.
Step 1 Make sure that each controller in the RF group has been configured with the same RF group name.
Note The name is used to verify the authentication IE in all beacon frames. If the controllers have
different names, false alarms will occur.
Step 2 Enter config ap mode local Cisco_AP or config ap mode monitor Cisco_AP to configure this particular
access point for local (normal) mode or monitor (listen-only) mode.
Step 3 Enter save config to save your settings.
Step 4 Repeat Step 2 and Step 3 for every access point connected to the controller.
Step 5 Enter config wps ap-authentication to enable rogue access point detection.
Step 6 Enter config wps ap-authentication threshold to specify when a rogue access point alarm is generated.
An alarm occurs when the threshold value (which specifies the number of access point frames with an
invalid authentication IE) is met or exceeded within the detection period.
Note The valid threshold range is from1 to 255, and the default threshold value is 1. To avoid false
alarms, you may want to set the threshold to a higher value.
To Next Page
Loading...
Need help?
General
