5-83
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Managing Rogue Devices
If you upgrade to controller software release 5.0 or later, the classification and state of the rogue access
points are reconfigured as follows:
• From Known to Friendly, Internal.
• From Acknowledged to Friendly, External.
• From Contained to Malicious, Contained.
As mentioned previously, the controller can automatically change the classification type and rogue state
of an unknown access point based on user-defined rules, or you can manually move the unknown access
point to a different classification type and rogue state. Table 5-9 shows the allowable classification types
and rogue states from and to which an unknown access point can be configured.
If the rogue state is Contained, you have to uncontain the rogue access point before you can change the
classification type. If you want to move a rogue access point from Malicious to Unclassified, you must
delete the access point and allow the controller to reclassify it.
Unclassified
• Pending—On first detection, the unknown access point is put in
the Pending state for 3 minutes. During this time, the managed
access points determine if the unknown access point is a
neighbor access point.
• Alert—The unknown access point is moved to Alert if it is not
in the neighbor list or in the user-configured friendly MAC list.
• Contained—The unknown access point is contained.
• Contained Pending—The unknown access point is marked
Contained, but the action is delayed due to unavailable
resources.
Table 5-8 Classification Mapping (continued)
Rule-Based Classification Type Rogue States
Table 5-9 Allowable Classification Type and Rogue State Transitions
From To
Friendly (Internal, External, Alert) Malicious (Alert)
Friendly (Internal, External, Alert) Unclassified (Alert)
Friendly (Alert) Friendly (Internal, External)
Malicious (Alert, Threat) Friendly (Internal, External)
Malicious (Contained, Contained Pending) Malicious (Alert)
Unclassified (Alert, Threat) Friendly (Internal, External)
Unclassified (Contained, Contained Pending) Unclassified (Alert)
Unclassified (Alert) Malicious (Alert)
To Next Page
Loading...
Need help?
General
