The Life and Death
of a Rogue AP
Using Cisco’s WCS To Manage
Potential Rogue APs
1-800-COURSES
www.globalknowledge.com
Expert Reference Series of White Papers
Written and provided by
GigaWave Technologies
®
White Paper

The Life and Death of a Rogue AP
Using Cisco’s WCS to Manage Potential Rogue APs
Author: Bill Daniel, Wireless Training Specialist, CCSI, CCNA, MCSE+I (Windows NT), MCSE (Windows 2000)
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
GigaWave Technologies
®
White Paper
Page 1
Introduction:
Today, wireless networking is a reality from which IT managers cannot escape. Regardless of the size of an
organizatio
n, where it is located, or what vertical market it serves, network users want it. No longer is
wireless ne
tworking a fringe technology – it’s mainstream and it continues to expand at stellar growth rates
within the
enterprise marketplace.
As with most progressive organizations and co
rporations, network users understand the value of wireless

networking.
Maybe they’ve surfed the Internet wearing PJs on their bed, downloaded files on their back
porch, or pl
ayed games with wireless remotes. Obviously, a large percentage enjoy sitting in a local coffee
shop sippi
ng java and responding to email. Regardless, most have heard wireless networking’s siren song
offering th
em the freedom and flexibility they crave. Why? Wireless can make them more productive. It
might even
make them more comfortable. Whatever the reason, they want it, and as Meatloaf sang in a
recent song
, “If it’s something I want, then it’s something I need!”
Basic end-
user wireless can be very inexpensive and easy to set up. In fact, chances are if users have not
been given access
to an authorized wireless solution, they have already set up an unauthorized network of
their own. If they haven
’t done that, it’s only a matter of time. This grassroots effort to set up personal
wireless ne
tworks would be a great cost saver for the enterprise if it weren’t for two little things called support
and securit
y. The most significant of these, for any and all network administrators, is the wide-open lack of
security tha
t most users will inadvertently create when they install their own rogue wireless network.
Basic rogue
management methodology includes these steps:
•
Identify potential rogues
•
Locate the potential rogue

•
Determine the status of the potential rogue and your course of action
This paper
discusses how you can use Cisco’s Wireless Control System (WCS) software to manage
potential ro
gue APs and eliminate the threat they pose to the unified network.
It’s Good Policy to Have a Written Policy
First and foremost, have a written policy regarding the deployment/use of rogue access points (APs) on the
corporate
network. Draft a policy that defines what a rogue AP is (an AP not managed or authorized by the
company’s IT department) and why
it is detrimental to have on the network (poses a threat to network
security). Discuss wit
h company management what punishments the company is willing to impose on any
violators, even member
s of its own ranks. As Sun Tzu pointed out, a policy that goes un-enforced once
becomes an unenforce
able policy.
If at all possible, it’s r
ecommended that you give supported users a short class on the dangers of rogue APs
to help them understand
why rogues are so dangerous. Explaining why such a hard stance is being taken on
personal wi
reless networks will make the execution of the policy easier for the IT department. Of course,
that’s a per
fect world scenario. Even the best laid plans and efforts to openly communicate network policy
will not stop
individuals who, for one reason or another, feel they are above the law. At the very least, have
all of your users sign
a statement acknowledging that they understand the reasons why rogue APs can not be

tolerated on
the corporate network and
that disciplinary measures will be taken if rogue APs are discovered.
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
GigaWave Technologies
®
White Paper
Page 2
Once users know deploying rogues are bad, for both the company and for them personally, wireless network
administrators can turn their attention to how WCS helps find and eliminate evil rogues.

Discovering Potential Rogue via the Network Summary Page

When WCS is opened, the first screen that appears is the Network Summary page. This page shows a list of
the most recent rogue APs found on your network, including the MAC address, SSID, type, state of the
potential rogue, as well as the date and time the potential rogue was discovered. It’s worthwhile to point out
that this list provides only the “Most Recent Rogue APs”… and not a list of all rogue APs. Potential rogues
that are within hearing range of the network for any length of time may not be listed here as there might be a
lot of them. Remember that the Network Summary page is just that – a summary page. For all the details
you need to dig a little deeper. Figure 1 shows a sample Network Summary page.















Figure 1
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
GigaWave Technologies
®
White Paper
Page 3
Discovering Potential Rogues via the Alarm Dashboard

The gritty truth is, network administrators must know exactly how many potential rogues WCS has heard
from and identified. No matter how bad it is, keep in mind that the Alarm Dashboard is just the tool. When
looking at this screen, IT staffers must brace themselves and look down at the lower left corner of the
screen. The Alarm Dashboard is always there, following network administrators around as faithful as man’s
best friend. For those unfamiliar with the name of this handy tool, just look for the small grid-like square in
the lower left corner on any page in WCS. The dashboard is a summary of all the errors that WCS knows
how to identify, broken down by category and severity. The dashboard has rows for rogues, coverage,
security, controllers, access points and location. The error count is listed with minor errors in yellow squares,
major errors in orange squares, and critical errors in red squares. Potential rogues are typically listed as a
minor error in the Rogues category. Click on the number in that row that’s yellow and WCS will take you to a
dynamically created web page showing the 20 most recent rogues. Of course, if there are more than 20
recent rogues, which is probable, WCS will display links for other pages too. Figure 2 shows a sample Alarm
Dashboard.
Figure 2