MVP
NightShade1
Posts: 2,346
Registered: ‎10-25-2011
Accepted Solution

L3 rogue detection

Okay, I've got a few questions regarding this:

1. I don't need an Air Monitor AP to use this... I can just use it with any AP?

2. You just need to trunk all the VLANs that I want to be checked to one AP?

3. If I just need to trunk it to just one AP, is it recommended to trunk it to at least 2, just in case one goes down?

4. If I just trunk all the VLANs to one AP, let's say I'm a big company and I've got A LOT of VLANs... is it not recommended to trunk all VLANs to one AP? Or does this just not matter?

Any good practice using this is welcome if any of you can mention them.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
cjoseph
Posts: 12,047
Registered: ‎03-29-2007

Re: L3 rogue detection


NightShade1 wrote:

Okay, I've got a few questions regarding this:

1. I don't need an Air Monitor AP to use this... I can just use it with any AP?

2. You just need to trunk all the VLANs that I want to be checked to one AP?

3. If I just need to trunk it to just one AP, is it recommended to trunk it to at least 2, just in case one goes down?

4. If I just trunk all the VLANs to one AP, let's say I'm a big company and I've got A LOT of VLANs... is it not recommended to trunk all VLANs to one AP? Or does this just not matter?

Any good practice using this is welcome if any of you can mention them.


1.  You can use an AP for detection, but an Air Monitor is much more effective.

2.  Yes.

3.  Yes, but the controller will also collect MACs on any VLAN that is trunked to it (System-Wired-MAC).  That is a better approach.

4.  Please see comment #3.

Colin Joseph
Aruba Customer Engineering
MVP
NightShade1
Posts: 2,346
Registered: ‎10-25-2011

Re: L3 rogue detection

Hello cjoseph,

Thanks for answering my thread.

So in this case I would be able to trunk all the VLANs to the Wireless Controller INSTEAD of any AP, and it will still collect the MAC addresses?

If that's true, then I'd ask you something:

1. On the switch that the WC is plugged into, I trunk all the VLANs to the WC.

2. On the WC, do I have to configure the VLANs and also trunk back even if I don't use them? Or is it like the AP, for which I had to do nothing? On the AP I just trunk the VLANs to it and that's it... but I don't trunk anything back. Could you please clarify this one for me, cjoseph?

Thanks

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
cjoseph
Posts: 12,047
Registered: ‎03-29-2007

Re: L3 rogue detection

It just has to be trunked to the controller.  To turn on wired MAC learning:

#config t wms general learn-system-wired-macs enable

To see what MACs the controller has learned:

show wms wired-mac system-wired-mac

To know if it is even on or not:

show wms general

Colin Joseph
Aruba Customer Engineering
MVP
NightShade1
Posts: 2,346
Registered: ‎10-25-2011

Re: L3 rogue detection

Thank you very much cjoseph

Just one last question:

If you had APs in air monitor mode and you could just turn on this, which one would you pick? Are any of those okay? Is one not better than the other, or at least less recommended?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
cjoseph
Posts: 12,047
Registered: ‎03-29-2007

Re: L3 rogue detection

A combination is best.

There is always one remote VLAN that you cannot physically trunk to the controller.  You would put an AP on that trunk.

Colin Joseph
Aruba Customer Engineering
MVP
NightShade1
Posts: 2,346
Registered: ‎10-25-2011

Re: L3 rogue detection

This is true, this is true.... I've got one scenario exactly like that.

Thank you very much cjoseph!!!

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Contributor II
FlorianKueck
Posts: 44
Registered: ‎08-12-2011

Re: L3 rogue detection

Are the learned MAC addresses shown in the GUI?

My controller detects a few rogue APs but I did not get the information about the wired MAC.

The controller marks an AP as rogue if it is seen on the wireless and wired side of the network, correct?

Moderator
cjoseph
Posts: 12,047
Registered: ‎03-29-2007

Re: L3 rogue detection

"show wms rogue-ap <wireless mac of ap>" will say how it was discovered.
Colin Joseph
Aruba Customer Engineering
Contributor II
FlorianKueck
Posts: 44
Registered: ‎08-12-2011

Re: L3 rogue detection

There is no way to see it on the dashboard?

Where is the information on how it was discovered? I'm not sure if it is really a rogue AP or an interfering one.


Rogue AP Info
-------------
Key           Value
---           -----
BSSID         00:11:XX:XX:XX
SSID          FRITZ!BoxFon WLAN 7170
Channel       12
Type          generic-ap
RAP Type      rogue
Status        up
Match Type    Eth-GW-Wired-Mac
Match MAC     00:a0:c5:XX:XX:XX
Match IP      0.0.0.0
Match AM      OAP-ZV0XX
Match Method  Exact-Match
Match Time    Tue Mar 27 09:09:50 2012
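As an added illustration (this is not code from the thread, from Aruba, or from any poster), the following Python script parses the two-column "show wms rogue-ap" output in the format posted above and cross-checks the Match MAC against a wired-MAC list of the kind "show wms wired-mac system-wired-mac" would return. The sample outputs and all MAC addresses in it are constructed; the rule that a Match Type beginning with "Eth-" indicates a wired-side match, and that "RAP Type rogue" is the controller's verdict, are assumptions drawn from the single output shown in the thread rather than documented behaviour.

```python
"""Parse 'show wms rogue-ap' Key/Value output and cross-check it against the
wired MACs a controller has learned.  Added example; all data is constructed."""
import re
from typing import Dict, Iterable

# Constructed sample modelled on the layout posted in the thread (MACs made up).
SAMPLE_ROGUE_AP_OUTPUT = """\
Rogue AP Info
-------------
Key           Value
---           -----
BSSID         00:11:22:aa:bb:c0
SSID          FRITZ!BoxFon WLAN 7170
Channel       12
Type          generic-ap
RAP Type      rogue
Status        up
Match Type    Eth-GW-Wired-Mac
Match MAC     00:a0:c5:dd:ee:ff
Match IP      0.0.0.0
Match AM      OAP-ZV0XX
Match Method  Exact-Match
Match Time    Tue Mar 27 09:09:50 2012
"""

# Constructed sample of an AP the controller did not tie to the wired side.
SAMPLE_INTERFERING_OUTPUT = """\
Rogue AP Info
-------------
Key           Value
---           -----
BSSID         00:11:22:aa:bb:c1
SSID          neighbour-wifi
Channel       6
Type          generic-ap
RAP Type      interfering
Status        up
"""

# Constructed stand-in for the list 'show wms wired-mac system-wired-mac' prints.
SAMPLE_WIRED_MACS = ["00:A0:C5:DD:EE:FF", "00:1a:2b:3c:4d:5e"]


def normalize_mac(mac: str) -> str:
    """Lower-case and strip so MACs taken from different commands compare equal."""
    return mac.strip().lower()


def parse_rogue_ap_info(text: str) -> Dict[str, str]:
    """Turn the Key/Value table into a dict.

    Key and value are separated by two or more spaces, so values that contain
    single spaces (SSID, Match Time) survive intact.  The title, rule lines and
    the 'Key ... Value' header are skipped.
    """
    info: Dict[str, str] = {}
    for raw in text.splitlines():
        parts = re.split(r"\s{2,}", raw.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # title line or a rule with no column gap
        key, value = parts
        if key == "Key" or key.startswith("-"):
            continue  # column header / underline rows
        info[key] = value
    return info


def assess_rogue(info: Dict[str, str], wired_macs: Iterable[str]) -> Dict[str, object]:
    """Summarise why an entry was classified, and whether the wired evidence
    is still present in the controller's learned wired-MAC table."""
    wired = {normalize_mac(m) for m in wired_macs}
    match_type = info.get("Match Type", "")
    match_mac = normalize_mac(info.get("Match MAC", ""))
    bssid = normalize_mac(info.get("BSSID", ""))
    return {
        "bssid": bssid,
        "is_rogue": info.get("RAP Type", "").lower() == "rogue",
        # Assumption: 'Eth-' prefixed match types mean a wired-side match.
        "wired_match_type": match_type.startswith("Eth-"),
        "match_mac_learned": bool(match_mac) and match_mac in wired,
        "bssid_seen_on_wire": bssid in wired,
        "match_type": match_type,
    }


def summarize(text: str, wired_macs: Iterable[str]) -> str:
    """One-line human summary for a single 'show wms rogue-ap' output."""
    r = assess_rogue(parse_rogue_ap_info(text), wired_macs)
    verdict = "ROGUE" if r["is_rogue"] else "not rogue"
    evidence = r["match_type"] or "no match recorded"
    learned = "present" if r["match_mac_learned"] else "absent"
    return f"{r['bssid']}: {verdict} via {evidence}; match MAC {learned} in wired table"


if __name__ == "__main__":
    for sample in (SAMPLE_ROGUE_AP_OUTPUT, SAMPLE_INTERFERING_OUTPUT):
        print(summarize(sample, SAMPLE_WIRED_MACS))
```

Running the script prints one line per entry; the first reports the rogue verdict with its Eth-GW-Wired-Mac evidence and confirms the match MAC is in the wired table, the second shows an interfering AP with no wired evidence. The useful operational check is the "absent" case: a rogue verdict whose match MAC has since disappeared from the learned wired table deserves a second look before it is acted on.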