How can I ensure only known APs connect to WLC

Postby Guest » Wed Dec 01, 2010 10:43 am

I have a Cisco 2112 WLC with 1131 LWAPs

 

How can I ensure only known APs connect to the WLC?

 

Thanks in advance

 

Richard

Guest
 

Re:How can I ensure only known APs connect to WLC

Postby Guest » Wed Dec 01, 2010 11:16 am

 

Hi Richard,

 

You can prime the AP by providing the Management IP to join and the other way is to maintain the APs by using the Rogue rules.

 

Here is the link to do the same..

 

Priming the AP

==========

 

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml

 

Rogue Rules

===========

 

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1180349

 

lemme know if this answered your question..

 

Regards
Surendra
====
Please don't forget to rate the posts which answered your question and mark it as answered or was helpful

Guest
 

Re:How can I ensure only known APs connect to WLC

Postby Guest » Wed Dec 01, 2010 12:05 pm

Can you elaborate further by the statement "known APs connect to WLC"?

 

Cisco APs, running the correct IOS, can join a WLC.  Another hurdle is the port.  It has to be in the correct VLAN and should be an access port.

 

If you have, say, a NetGear AP then there's a snowball's-chance-in-he11 it'll join the WLC.

Guest
 

Re:How can I ensure only known APs connect to WLC

Postby Guest » Wed Dec 01, 2010 1:29 pm

On larger deployments or if you have an ACS you can go security --> AP policies --> AP authorize against AAA.

Guest
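
The controller-local counterpart to the AAA option in the reply above, as an added example that is not part of the original thread: AireOS controller CLI commands that enable AP authorization and add one AP to the controller's own authorization list. `<AP-ethernet-MAC>` is a placeholder, and `mic` assumes the AP carries a manufacturing-installed certificate.

```text
config auth-list ap-policy authorize-ap enable
config auth-list add mic <AP-ethernet-MAC>
show auth-list
```

With the policy enabled, an AP whose MAC address is neither in this list nor authorized by the AAA server is refused when it tries to join.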
 

Re:How can I ensure only known APs connect to WLC

Postby Guest » Wed Dec 01, 2010 1:44 pm

Elaborating further .....

 

I am ensuring that my wireless network will pass the PCI Data Security Standards.

 

If somebody else connects a Cisco 1131 AP into the network it will be seen by the 2112 WLC and be able to be connected to.

 

If the malicious person with this access point was using a console cable, could they not arrange to capture packets or disrupt the network in some way?

 

I would like to be able to ensure that this possible rogue AP would only be able to function within the network after correct configuration via the WLC.

 

Richard

Guest
 


