Rogue AP Detection
A Rogue AP is an access point that has been installed on a secure network without explicit authorization from
a system administrator. The rogue AP poses a security threat because anyone with access to the premises can
unconsciously or maliciously install an inexpensive wireless WAP device that can potentially allow unauthorized
parties to access the network.
The WAP device performs a RF scan on all channels to detect all APs in the vicinity of the network. If rogue
APs are detected, they are shown on the Rogue AP Detection page. If an AP listed as a rogue is legitimate, it
can be added to the Known AP List.
The Detected Rogue AP List and Trusted AP List provide information. The AP does not have any control
over the APs on the list and cannot apply any security policies to APs detected through the RF scan.
When the Rogue AP detection is enabled, the radio periodically switches from its operating channel to scan
other channels within the same band.
Note
Viewing the Rogue AP List
In order for the Rogue AP Detection to function, the wireless radio must be enabled. You should first enable
the radio interface before enabling the Rogue AP detection for the radio interface.
To enable the radio to collect information about rogue APs:
Step 1 Select Security > Rogue AP Detection.
Step 2 Check Enable to enable the AP Detection for Radio 1 and Radio 2.
Step 3 Click Apply.
The Detected Rogue AP List table displays all detected rogue APs. The Trusted AP List displays all trusted APs. The
following settings are displayed for each or the Rogue AP lists:
• MAC Address — The MAC address of the rogue AP.
• Radio — Indicates whether the rogue AP is detected on Radio 1 or Radio 2.
• Beacon Interval (Msec.) — The beacon interval used by the rogue AP. Beacon frames are transmitted by an AP at
regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame
once every 100 milliseconds (or 10 per second). The Beacon Interval is set on the Radio, on page 45 page.
• Type — The type of the device. The options are:
• AP — An AP rogue device that supports the IEEE 802.11 Wireless Networking Framework in infrastructure
mode.
• Ad hoc — A rogue station running in Ad hoc mode. The Ad hoc mode is an IEEE 802.11 Wireless Networking
Framework also referred to as peer-to-peer mode or an Independent Basic Service Set (IBSS).
• SSID — The Service Set Identifier (SSID) for the WAP device.
• Privacy — Indicates whether there is any security on the rogue device. The options are:
• Off — Security mode is off (no security).
Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide
41
System Configuration
Rogue AP Detection
To Next Page
Loading...
