Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Turn off rogue detection

  • 1.  Turn off rogue detection

    Posted Sep 20, 2013 08:57 AM

    Is it possible to turn off rogue detection? If so, is it a global setting or can you turn it on or off per AP group?



  • 2.  RE: Turn off rogue detection

    Posted Sep 20, 2013 09:04 AM

    It is under the IDS settings in the AP-Group

    (controller) #show  ids ?
    ap-classification-rule  IDS AP Classification Rule profile
    ap-rule-matching        Show the IDS Active AP Rules Profile
    dos-profile             Show an IDS Denial Of Service Profile
    general-profile         Show an IDS General Profile
    impersonation-profile   Show an IDS Impersonation Profile
    management-profile      Show the IDS WMS Management Profile
    profile                 Show an IDS Profile
    rap-wml-server-profile  Show an IDS RAP WML Server Profile
    rap-wml-table-profile   Show an IDS RAP WML Table Profile
    rate-thresholds-profi.. Show an IDS Rate Thresholds Profile
    signature-matching-pr.. Show an IDS Signature Matching Profile
    signature-profile       Show an IDS Signature Profile
    unauthorized-device-p.. Show an IDS Unauthorized Device Profile
    wms-general-profile     Show the IDS WMS General Profile
    wms-local-system-prof.. Show the IDS WMS Local System Profile

    [Attached screenshot: AP Group_2013-09-20_09-07-57.png]



  • 3.  RE: Turn off rogue detection

    EMPLOYEE
    Posted Sep 20, 2013 11:17 AM

    Did you mean in general or just from being displayed?  If you're referring to rogues in AMP, you can hide the RAPIDS tab by toggling the AMP Setup -> General tab -> AMP features box -> Display RAPIDS = No.  If you do so, you would also want to delete any trigger/alerts that are based on RAPIDS along with any reports since RAPIDS will still process in the background.



  • 4.  RE: Turn off rogue detection

    Posted Sep 24, 2013 01:28 PM

    The client doesn't have Airwave (Yet). I'm looking to turn off rogue detection on a particular AP group so that it doesn't show up on the Dashboard>Security section.

    The rest of the groups I still want to continue to find rogue APs.

    I made the following changes on the group but it hasn't seemed to help. (unchecked them)



  • 5.  RE: Turn off rogue detection

    EMPLOYEE
    Posted Sep 30, 2013 10:53 AM

    @Jaasperff wrote:

    The client doesn't have Airwave (Yet). I'm looking to turn off rogue detection on a particular AP group so that it doesn't show up on the Dashboard>Security section.

    The rest of the groups I still want to continue to find rogue APs.

    I made the following changes on the group but it hasn't seemed to help. (unchecked them)


    Jaasperf,

    Two things:

    In 6.2 and above, the "Learn AP" parameter has been moved from the IDS profile, which is a per-ap-group parameter, to WMS general, which is a parameter that "Learns" or marks access points as Valid until you can shape your IDS/IPS policy.  In 6.1.x, it used to be in the IDS profile, so you could "Learn" or mark all foreign access points discovered in that AP-group as valid.  In addition, if you uncheck "Rogue Classification" it will mark ALL access points as rogues, so you want that checked so that it does not exacerbate your problem:

    [Attached screenshot: classification.PNG]

    Here is the parameter to enable Learning, so that new external access points are not classified as rogues:

    [Attached screenshot: learn.PNG]



  • 6.  RE: Turn off rogue detection

    Posted Sep 30, 2013 12:55 PM

    Collin,

    Thanks for the reply on this.

    Customer is on 6.2.1.2

    They are looking to turn off all detection on a particular AP group because that office is located in a strip mall and constantly has new SSIDs being brought up and taken down. They definitely want to keep rogue detection on for their other campus locations.

    So tell me if I'm wrong here, but from what you stated, that is no longer possible on a "per AP group" basis on 6.2.X.X.

    Customer will most likely be moving to 6.3.X.X after we implement CPPM in a few months. Do you know if it will be possible then?



  • 7.  RE: Turn off rogue detection

    EMPLOYEE
    Posted Sep 30, 2013 01:03 PM

    @Jaasperff wrote:

    Collin,

    Thanks for the reply on this.

    Customer is on 6.2.1.2

    They are looking to turn off all detection on a particular AP group because that office is located in a strip mall and constantly has new SSIDs being brought up and taken down. They definitely want to keep rogue detection on for their other campus locations.

    So tell me if I'm wrong here, but from what you stated, that is no longer possible on a "per AP group" basis on 6.2.X.X.

    Customer will most likely be moving to 6.3.X.X after we implement CPPM in a few months. Do you know if it will be possible then?


    Jaasperf,

    Suggestions:

    It is no longer possible to do AP learning per ap-group and there are no plans to bring that back.

    The controller will ALWAYS report rogues that are BOTH on the wired AND wireless network of the access points at that location.  Are there other access points on the wired network that need to be ignored there?  Are there other access points that are being reported as rogues and are not?

    You can use the WIP wizard to create a rogue classification rule so that access points that are seen are set to something harmless like neighbor.



  • 8.  RE: Turn off rogue detection

    Posted Jan 28, 2014 03:37 AM

    Hey Jaasper, what did you end up doing here? We have the same "issue" for all our RAPs. It's really just clogging up the Rogue AP list since most of our employees have the RAP in addition to one or two private wifi-routers. Adding them automatically to Neighbour sounds like a good idea.