The Life and Death
of a Rogue AP
Using Cisco’s WCS To Manage
Potential Rogue APs
1-800-COURSES
www.globalknowledge.com
Expert Reference Series of White Papers
Written and provided by
GigaWave Technologies
®
White Paper

The Life and Death of a Rogue AP
Using Cisco’s WCS to Manage Potential Rogue APs
Author: Bill Daniel, Wireless Training Specialist, CCSI, CCNA, MCSE+I (Windows NT), MCSE (Windows 2000)
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
GigaWave Technologies
®
White Paper
Page 1
Introduction:
Today, wireless networking is a reality from which IT managers cannot escape. Regardless of the size of an
organizatio
n, where it is located, or what vertical market it serves, network users want it. No longer is
wireless ne
tworking a fringe technology – it’s mainstream and it continues to expand at stellar growth rates
within the
enterprise marketplace.
As with most progressive organizations and co
rporations, network users understand the value of wireless

•
Determine the status of the potential rogue and your course of action
This paper
discusses how you can use Cisco’s Wireless Control System (WCS) software to manage
potential ro
gue APs and eliminate the threat they pose to the unified network.
It’s Good Policy to Have a Written Policy
First and foremost, have a written policy regarding the deployment/use of rogue access points (APs) on the
corporate
network. Draft a policy that defines what a rogue AP is (an AP not managed or authorized by the
company’s IT department) and why
it is detrimental to have on the network (poses a threat to network
security). Discuss wit
h company management what punishments the company is willing to impose on any
violators, even member
s of its own ranks. As Sun Tzu pointed out, a policy that goes un-enforced once
becomes an unenforce
able policy.
If at all possible, it’s r
ecommended that you give supported users a short class on the dangers of rogue APs
to help them understand
why rogues are so dangerous. Explaining why such a hard stance is being taken on
personal wi
reless networks will make the execution of the policy easier for the IT department. Of course,
that’s a per
fect world scenario. Even the best laid plans and efforts to openly communicate network policy
will not stop
individuals who, for one reason or another, feel they are above the law. At the very least, have
all of your users sign
a statement acknowledging that they understand the reasons why rogue APs can not be Figure 1
All content is the property of GigaWave Technologies, a division of TESSCO Technologies. ©2007 All rights reserved.
GigaWave Technologies
®
White Paper
Page 3
Discovering Potential Rogues via the Alarm Dashboard

The gritty truth is, network administrators must know exactly how many potential rogues WCS has heard
from and identified. No matter how bad it is, keep in mind that the Alarm Dashboard is just the tool. When
looking at this screen, IT staffers must brace themselves and look down at the lower left corner of the
screen. The Alarm Dashboard is always there, following network administrators around as faithful as man’s
best friend. For those unfamiliar with the name of this handy tool, just look for the small grid-like square in
the lower left corner on any page in WCS. The dashboard is a summary of all the errors that WCS knows
how to identify, broken down by category and severity. The dashboard has rows for rogues, coverage,
security, controllers, access points and location. The error count is listed with minor errors in yellow squares,
major errors in orange squares, and critical errors in red squares. Potential rogues are typically listed as a
minor error in the Rogues category. Click on the number in that row that’s yellow and WCS will take you to a
dynamically created web page showing the 20 most recent rogues. Of course, if there are more than 20
recent rogues, which is probable, WCS will display links for other pages too. Figure 2 shows a sample Alarm
Dashboard.
Figure 2