View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Wireless » WL0031 - WLC Rogue Detection and IDS (Part 1)

WL0031 - WLC Rogue Detection and IDS (Part 1)

Rating: 
0
No votes yet
Difficulty Level: 
3
Lab Document: 
<Please login to see the content>
Category: 
Wireless
Video Download: 
Title: WL0031 - Video Download $20.00
Purchase WL0031 - Video Download $20.00
The video discusses a topic of rogue device detection on Cisco Wireless LAN Controller. We will demonstrate how a rogue is detected, using Monitor Mode AP and WSM, and determined if it is connected to your corporate network. We will go through configuration of rogue classification and containment. The video closes with overview on wireless IDS. Wireshark captures are taken throughout the video to provide you with insight into protocol behavior. 
 
Part 1 of the video covers basic configuration and settings of rogue detection
 
Topic:
  • Rouge Detection
  • Monitor Mode AP and Wireless Security Module (WSM)
  • Rogue Location Discovery Protocol (RLDP)
  • Rogue Detector AP
  • Rogue Classification
    • Friendly, Malicious, Custom, Unclassified
  • Manual and Auto Rogue Class Assignment
  • Rogue Containment (Manual and Automatic)
  • Wireless Intrusion Detection
  • Wireless IDS Signature
  • Wireshark Capture
Tag: 
wireless
wlc
rogue
rldp
monitor
wsm
ids
wireshark

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

8 comments

Submitted by sherief on Wed, 11/14/2018 - 11:47

we have 2800 series cisco AP. does we need to purchase securty module to detect rogue APs, or the 2800 series contain embded module and need to purchase.

Submitted by admin on Sun, 11/18/2018 - 22:41

No. You can enable wIPS mode and have AP temporarily go off the air and perform scanning. In fact, 2800 has no expansion module slot like 3800

Submitted by sherief on Mon, 11/19/2018 - 14:51

Hi Meths, thanks for your answer, but what do you mean with off the air, means monitor mode or rogue detector mode. and how many AP i should put in off the line.

Submitted by admin on Sun, 11/25/2018 - 20:12

You have AP operate in regular Local Mode with wIPS submode (aka Enhanced Local Mode). That way the AP can both serve client and "go off the air" to perform airwave scanning for intrusion

Submitted by sherief on Wed, 11/14/2018 - 11:58

Hi metha, what is the model of APs in this video ?

Submitted by admin on Sun, 11/18/2018 - 22:41

They are 3702

Submitted by sherief on Mon, 11/19/2018 - 14:54

Hi metha, i know that used 3700 model to perform the lab, my question is what is the functions i can do with 2802 series APs. can i contain rogue APs and clients like you did with 3700. or only i can enable wIPS ?

Submitted by admin on Sun, 11/25/2018 - 20:09

Yes you can have 2800 AP perform containment.