Cisco Rogue Detection

K Kent Woodruff 3 years 5 months ago
4 0 0

Cisco's Rogue Detection is lame.  We should never lose.  We think it's full of false positives, but from Cisco's perspective... What do you mean with false positive ?A rogue AP is an AP in your physical environment that doesn't belong to you. So the alerts are probably not false positive. And Cisco does have the ability to see the wired interface of the rogue and compare it to what it sees over the air concluding that the device is on the wired network, commonly called MAC adjacency. There are two methods for seeing the wired interface: You can manually drill down on the "Rogue" MAC and do a switch port trace on Cisco switches (only Cisco switches).  There is no way to automate this process.      or You can buy an extra AP put it on a trunk port and dedicate it to sniffing the wired addresses (rogue detector mode).  This is the only way to automate the detection of a rogue on the wired network. Here's how they do the switch port trace…

Any large company concerned about rogues on the wired network can't seriously do this, can they?

Can’t find what you’re looking for?