5-91
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Managing Rogue Devices
Note If you later want to change the priority of this rule and shift others in the list accordingly, enter
this command: config rogue rule priority priority rule_name. If you later want to change the
classification of this rule, enter this command: config rogue rule classify {friendly | malicious}
rule_name.
Note If you ever want to delete all of the rogue classification rules or a specific rule, enter this
command: config rogue rule delete {all | rule_name}.
Step 2 To disable all rules or a specific rule, enter this command:
config rogue rule disable {all | rule_name}
Note A rule must be disabled before you can modify its attributes.
Step 3 To add conditions to a rule that the rogue access point must meet, enter this command:
config rogue rule condition ap set condition_type condition_value rule_name
where condition_type is one of the following:
• ssid—Requires that the rogue access point have a specific SSID. You should add SSIDs that are not
managed by the controller. If you choose this option, enter the SSID for the condition_value
parameter. The SSID is added to the user-configured SSID list.
Note If you ever want to delete all of the SSIDs or a specific SSID from the user-configured SSID
list, enter this command: config rogue rule condition ap delete ssid {all | ssid} rule_name.
• rssi—Requires that the rogue access point have a minimum RSSI value. For example, if the rogue
access point has an RSSI that is greater than the configured value, then the access point could be
classified as malicious. If you choose this option, enter the minimum RSSI value for the
condition_value parameter. The valid range is –95 to –50 dBm (inclusive), and the default value is
0 dBm.
• duration—Requires that the rogue access point be detected for a minimum period of time. If you
choose this option, enter a value for the minimum detection period for the condition_value
parameter. The valid range is 0 to 3600 seconds (inclusive), and the default value is 0 seconds.
• client-count—Requires that a minimum number of clients be associated to the rogue access point.
For example, if the number of clients associated to the rogue access point is greater than or equal to
the configured value, then the access point could be classified as malicious. If you choose this
option, enter the minimum number of clients to be associated to the rogue access point for the
condition_value parameter. The valid range is 1 to 10 (inclusive), and the default value is 0.
• no-encryption—Requires that the rogue access point’s advertised WLAN does not have encryption
enabled. A condition_value parameter is not required for this option.
• managed-ssid—Requires that the rogue access point’s SSID be known to the controller. A
condition_value parameter is not required for this option.
To Next Page
Loading...
Need help?
General
