Cisco

WLC detecta como «Rogue» a clientes

6 diciembre, 2018
bjone

Una cosa rara que empece a ver hace unos días, resulta que uno de los WLC’s (Un 2504 con software 8.3.143.0)

Es raro … buscando un poco encontré un bug (CSCvf31881) que dice mas o menos lo mismo que me pasa a mi, pero con otro modelo de AP.

«Symptom:
A wireless client, which is associated to a Cisco AP, is detected, at the same time, as a rogue client, connected to itself as a rogue AP.

Also, from GUI of the controller, we can see the client among the «Rogue clients» but not in the «Friendly/Malicious/Custom/Unclassified APs» list.

Conditions:
Client is an Intel 8260, 8265, 9260, 18260.

Seen with AP-COS APs, but not with IOS APs.

Workaround:
Manually classifying the client mac address as Friendly, will avoid any possible containment.

Further Problem Description:
This is triggered by the Intel client periodically transmitting frames to its own MAC address, with the BSSID field set to its own MAC address. This is radio calibration activity, and is normal for Intel 8260 (and more recent) adapters.»

La solución, como casi siempre es actualizar la versión … o sino darlos de alta a mano como «Friendly».

«Manually classifying the client mac address as Friendly, will avoid any possible containment.»

Para hacerlo … hay que apuntar la mac ir a security -> Wireless protection policies -> Rogue policies -> Friendly Rogue y añadirlo.

https://community.cisco.com/t5/wireless-security-and-network/wlan-client-ist-detected-as-rogue-client-and-rogue-ap/td-p/3182866

Deja un comentario

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.