Cisco Systems 3.2 Wireless Office Headset User Manual


 
1-25
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 1 Overview
Web User Interface and the CLI
Rogue Access Point Location, Tagging, and Containment
This built-in detection, tagging, monitoring, and containment capability allows system administrators to
take required actions:
Locate rogue access point as described in the Cisco Wireless Control System Configuration Guide.
Receive new rogue access point notifications, eliminating hallway scans.
Monitor unknown rogue access point until they are eliminated or acknowledged.
Determine the closest authorized access point, making directed scans faster and more effective.
Contain rogue access points by sending their clients deauthenticate and disassociate messages from
one to four Cisco 1000 series lightweight access points. This containment can be done for individual
rogue access points by MAC address, or can be mandated for all rogue access points connected to
the enterprise subnet.
Tag rogue access points:
Acknowledge rogue access point when they are outside of the LAN and do not compromise the
LAN or wireless LAN security.
Accept rogue access point when they do not compromise the LAN or wireless LAN security.
Tag rogue access point as unknown until they are eliminated or acknowledged.
Tag rogue access point as contained and discourage clients from associating with the rogue
access point by having between one and four Cisco 1000 series lightweight access points
transmit deauthenticate and disassociate messages to all rogue access point clients. This
function contains all active channels on the same rogue access point.
Rogue Detector mode detects whether or not a rogue access point is on a trusted network. It does not
provide RF service of any kind, but rather receives periodic rogue access point reports from the Cisco
Wireless LAN Controller, and sniffs all ARP packets. If it finds a match between an ARP request and a
MAC address it receives from the Cisco Wireless LAN Controller, it generates a rogue access point alert
to the Cisco Wireless LAN Controller.
To facilitate automated rogue access point detection in a crowded RF space, Cisco 1000 series
lightweight access points can be configured to operate in monitor mode, allowing monitoring without
creating unnecessary interference.
Web User Interface and the CLI
This section describes the controller GUI and CLI.
Web User Interface
The Web User Interface is built into each Cisco Wireless LAN Controller. The Web User Interface allows
up to five users to simultaneously browse into the built-in Cisco Wireless LAN Controller http or https
(http + SSL) Web server, configure parameters, and monitor operational status for the Cisco Wireless
LAN Controller and its associated Access Points.
Note Cisco recommends that you enable the https: and disable the http: interfaces to ensure more robust
security for your Cisco WLAN Solution.