Wireless Access

So our rogue detection on the LAN seemed to previously work when we had our user VLANs trunked to our controller. We have noticed and tested that it doesn't seem to detect anymore after we moved all our different areas to new layer 3 networks so we can't trunk layer 2 VLANs to the controller anymore. The AP's are all still in the user VLAN, is the only away to detect properly is to deploy air monitors or is there something else we can do?

 

 

Are your APs in the wired user subnets or in dedicated ones?

AP’s are in the wired user subnets, that VLAN just isn’t capable of trunking to the controller since it’s in a completely separate layer 3 network.

As long as the rogue is connected in a subnet where there is at least 1 AP, it should be detected.

Additionally, any local-to-the-network VLANs need to be trunked to the AMs and APs as well so that those APs and AMs can sniff the other VLAN's traffic. Even though the AM or AP will see dot1q tags, they know how to parse and inspect them.

When the controller sees the MAC address AP via wireless (WiFi) and Wireless (LAN), it is classified as a Rogue AP.

and since the MAC address belong to Layer 2 (VLAN), as said before, you must have at least one AP in each VLAN or better AM trunked with all VLANs to be able to detect Rogue AP