How to Make the AP Learn the Gateway MAC if it is HSRP/VRRP






By default we ignore gateway MACs that are VRRP or HSRP addresses, and because of this we may end up detecting the AP as a suspect rogue with 20% (matched just on Ethernet MAC).





If two enterprise-class companies are in the same location, it is very possible that both use Cisco HSRP or VRRP for the router address. We could therefore incorrectly determine that an AP is a rogue if the customer next door just happens to have an HSRP interface that matches your own.
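
As an added illustration (not part of the original article and not Aruba's code): HSRP and VRRP build the virtual MAC from a fixed, publicly documented prefix plus the group ID, so two unrelated networks that use the same group ID present the same gateway MAC. The Python below classifies gateway MACs against those prefixes and lists the ones two sites share; the function names and sample addresses are constructed for this example.

```python
import re

# Well-known first-hop-redundancy virtual MAC prefixes (as hex digits).
# The remaining digits encode the group / virtual router ID.
WELL_KNOWN_PREFIXES = [
    ("00000c07ac", "HSRPv1"),     # 00:00:0c:07:ac:XX, group 0-255
    ("00000c9ff", "HSRPv2"),      # 00:00:0c:9f:fX:XX, group 0-4095
    ("00005e0001", "VRRP-IPv4"),  # 00:00:5e:00:01:XX, VRID 1-255
    ("00005e0002", "VRRP-IPv6"),  # 00:00:5e:00:02:XX, VRID 1-255
]

def normalize_mac(mac):
    """Accept colon, dash or Cisco dotted notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify_gateway_mac(mac):
    """Return (protocol, group_id) for a well-known virtual MAC, else (None, None)."""
    digits = normalize_mac(mac)
    for prefix, proto in WELL_KNOWN_PREFIXES:
        if digits.startswith(prefix):
            return proto, int(digits[len(prefix):], 16)
    return None, None

def shared_virtual_macs(site_a, site_b):
    """Well-known virtual gateway MACs that appear at both sites."""
    a = {normalize_mac(m) for m in site_a}
    b = {normalize_mac(m) for m in site_b}
    return sorted(m for m in a & b if classify_gateway_mac(m)[0])

if __name__ == "__main__":
    # Constructed sample data: gateway MACs of two unrelated neighbouring networks.
    ours = ["0000.0c07.ac01", "00:1a:2b:3c:4d:5e"]
    neighbour = ["00-00-0C-07-AC-01", "00:00:5e:00:01:0a"]
    for mac in ours + neighbour:
        print(mac, classify_gateway_mac(mac))
    # Both sites run HSRP group 1, so the gateway MAC is identical.
    print("shared:", shared_virtual_macs(ours, neighbour))
```

A match on a shared virtual MAC says nothing about which network a device is wired to, which is why a gateway-MAC match of this kind is weak evidence for rogue classification.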


To be done


We have to enable the following option in IDS for the AP to learn the gateway if it’s configured as HSRP:

ids unauthorized-device-profile "default"

   allow-well-known-mac hsrp

Version history: Revision 2 of 2. Last update: 06-01-2015 11:47 PM