• The MAC is not detected as rogue anymore.
• LLDP is disabled on the port (or globally).
Once a MAC has been authorized by one of these features, it will not be blocked by Rogue AP isolation. A RMON
will be logged to indicate the failure to block.
The Rogue AP module will retry to block any such MACs periodically. In the event of the MAC no longer being
authorized, Rogue AP isolation will block the MAC again. No RMON is logged to indicate this event.
L3 MAC
The Rogue AP isolation feature will not block a MAC configured as an IP receive MAC address on a VLAN
interface. This event will be logged in RMON if such MACs are detected as rogue.
Conversely, any MAC already blocked by Rogue AP isolation will not be allowed to be configured as an IP receive
MAC address of a VLAN interface.
For example:
switch# vlan 1 ip-recv-mac-address 247703-3effbb
Cannot add an entry for the MAC address 247703-3effbb because it is already
blocked by rogue-ap-isolation.
Using the Rogue AP Isolation feature
Procedure
1. Check the feature state:
switch# show rogue-ap-isolation
Rogue AP Isolation
Rogue AP Status : Disabled
Rogue AP Action : Block
Rogue MAC Address Neighbour MAC Address
----------------- ---------------------
2. Enable the feature:
switch# rogue-ap-isolation enable
switch# show rogue-ap-isolation
Rogue AP Isolation
Rogue AP Status : Enabled
Rogue AP Action : Block
Rogue MAC Address Neighbour MAC Address
----------------- ---------------------
3. Change the action type from block to log:
switch# rogue-ap-isolation action log
switch# show rogue-ap-isolation
Rogue AP Isolation
Chapter 11 Auto configuration upon Aruba AP detection 249
To Next Page
Loading...
