User's Manual
3/11/05 Rogue Access Points
OL-7426-02
About Rogue Access Points
Because they are inexpensive and readily available, employees are plugging unauthorized rogue access
points (Rogue APs) into existing LANs and building ad hoc wireless networks without IT department
knowledge or consent.
These Rogue APs can be a serious breach of network security, because they can be plugged into a
network port behind the corporate firewall. Because employees generally do not enable any security
settings on the Rogue APs, it is easy for unauthorized users to use the access point to intercept network
traffic and hijack client sessions. Even more alarming, wireless users and war chalkers frequently
publish unsecured access point locations, increasing the odds of having the enterprise security breached.
Rather than using a person with a scanner to manually detect Rogue APs, the Cisco SWAN automatically
collects information on Rogue APs detected by its managed Cisco 1000 Series IEEE 802.11a/b/g
Lightweight Access Points, by MAC and IP address, and allows the network operator to locate, tag and
monitor them as described in the Detecting and Locating Rogue Access Points section. The Operating
System can also be used to discourage Rogue AP clients by sending them deauthenticate and
disassociate messages from one to four Cisco 1000 Series lightweight access points. Finally, the
Operating System can be used to automatically discourage all clients attempting to authenticate with all
Rogue APs on the enterprise subnet. Because this real-time detection is automated, it saves the labor
costs of detecting and monitoring Rogue APs while vastly improving LAN security.
Note that peer-to-peer, or ad hoc, clients can also be considered Rogue APs.
See also Rogue AP Location, Tagging and Containment.
Rogue AP Location, Tagging and Containment
This built-in detection, tagging, monitoring and containment capability allows system administrators to
take required actions:
• Locate Rogue APs as described in Detecting and Locating Rogue Access Points.
• Receive new Rogue AP notifications, eliminating hallway scans.
• Monitor unknown Rogue APs until they are eliminated or acknowledged.
• Determine the closest authorized Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access
Points, making directed scans faster and more effective.
• Contain Rogue APs by sending their clients deauthenticate and disassociate messages from one
to four Cisco 1000 Series lightweight access points. This containment can be done for individual
Rogue APs by MAC address, or can be mandated for all Rogue APs connected to the enterprise
subnet.
• Tag Rogue APs:
  - Acknowledge Rogue APs when they are outside of the LAN and do not compromise the
    LAN or WLAN security.
  - Accept Rogue APs when they do not compromise the LAN or WLAN security.
  - Tag Rogue APs as unknown until they are eliminated or acknowledged.
  - Tag Rogue APs as contained and discourage clients from associating with the Rogue AP
    by having between one and four Cisco 1000 Series lightweight access points transmit
    deauthenticate and disassociate messages to all Rogue AP clients. This function
    contains all active channels on the same Rogue AP.
Rogue Detector mode detects whether or not a rogue is on a trusted network. It does not provide RF
service of any kind, but rather receives periodic rogue reports from the switch, and sniffs all ARP
packets. If it finds a match between an ARP request and a MAC address it receives from the switch, it
generates a rogue alert to the switch.
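
The matching step that Rogue Detector mode performs can be sketched as follows. This is an added example, not Cisco code: the function names, the MAC and IP values, and the choice to match on the ARP sender hardware address are assumptions, and it handles only untagged Ethernet/IPv4 ARP frames.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    fields = struct.unpack("!HHHBBH", frame[12:22])  # ethertype, htype, ptype, hlen, plen, oper
    if fields != (ETHERTYPE_ARP, 1, 0x0800, 6, 4, ARP_REQUEST):
        return None  # not ARP, not Ethernet/IPv4, or a reply rather than a request
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def rogue_alerts(frames, rogue_macs):
    """Return one alert per reported rogue MAC, the first time it sends a wired ARP request."""
    wanted = {m.lower() for m in rogue_macs}  # MACs from the controller's rogue report
    seen, alerts = set(), []
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        sender_mac, sender_ip, target_ip = parsed
        if sender_mac in wanted and sender_mac not in seen:
            seen.add(sender_mac)
            alerts.append({"mac": sender_mac, "ip": sender_ip, "asked_for": target_ip})
    return alerts

def build_arp(oper, sha, spa, tpa):
    """Construct a sample broadcast Ethernet/ARP frame (test data only)."""
    sha_b = bytes.fromhex(sha.replace(":", ""))
    eth = b"\xff" * 6 + sha_b + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha_b + bytes(map(int, spa.split(".")))
    return eth + arp + b"\x00" * 6 + bytes(map(int, tpa.split(".")))

# Constructed sample data: every MAC and IP address below is made up for this example.
ROGUE_REPORT = ["00:11:22:AA:BB:01", "00:11:22:aa:bb:02"]
SAMPLE_FRAMES = [
    build_arp(1, "00:50:56:00:00:10", "10.0.0.10", "10.0.0.1"),  # ordinary wired host
    build_arp(1, "00:11:22:aa:bb:01", "10.0.0.77", "10.0.0.1"),  # MAC from the rogue report
    build_arp(2, "00:11:22:aa:bb:02", "10.0.0.78", "10.0.0.1"),  # ARP reply, not a request
    build_arp(1, "00:11:22:aa:bb:01", "10.0.0.77", "10.0.0.5"),  # repeat, already alerted
    b"\x00" * 20,                                                 # truncated frame, ignored
]

if __name__ == "__main__":
    for alert in rogue_alerts(SAMPLE_FRAMES, ROGUE_REPORT):
        print("rogue on trusted network:", alert)
```
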