User's Manual
Table Of Contents
- Chapter 1: Introduction 1-1
- Chapter 1: Introduction
- Chapter 2: Hardware Installation
- Chapter 3: Network Configuration
- Chapter 4: Initial Configuration
- Chapter 5: System Configuration
- Chapter 6: Command Line Interface
- Using the Command Line Interface
- Entering Commands
- Command Groups
- General Commands
- System Management Commands
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server engine-id
- snmp-server user
- snmp-server targets
- snmp-server filter
- snmp-server filter-assignments
- show snmp groups
- show snmp users
- show snmp group-assignments
- show snmp target
- show snmp filter
- show snmp filter-assignments
- show snmp
- Flash/File Commands
- RADIUS Client
- 802.1X Authentication
- MAC Address Authentication
- Filtering Commands
- WDS Bridge Commands
- Spanning Tree Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- speed
- multicast-data-rate
- channel
- transmit-power
- radio-mode
- preamble
- antenna control
- antenna id
- antenna location
- beacon-interval
- dtim-period
- fragmentation-length
- rts-threshold
- super-g
- description
- ssid
- closed-system
- max-association
- assoc-timeout-interval
- auth-timeout-value
- shutdown
- show interface wireless
- show station
- Rogue AP Detection Commands
- Wireless Security Commands
- Link Integrity Commands
- IAPP Commands
- VLAN Commands
- WMM Commands
- Appendix A: Troubleshooting
- Appendix B: Cables and Pinouts
- Appendix C: Specifications
- Glossary
- Index
Rogue AP Detection Commands
6-111
6
Example
rogue-ap authenticate
This command forces the unit to authenticate all access points on the network. Use
the no form to disable this function.
Syntax
[no] rogue-ap authenticate
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
Enabling authentication in conjunction with a database of approved access
points stored on a RADIUS server allows the access point to discover rogue
APs. With authentication enabled and a configure RADIUS server, the access
point checks the MAC address/Basic Service Set Identifier (BSSID) of each
access point that it finds against a RADIUS server to determine whether the
access point is allowed. With authentication disabled, the access point can
identify its neighboring access points only; it cannot identify whether the
access points are allowed or are rogues. If you enable authentication, you
should also configure a RADIUS server for this access point (see “RADIUS”
on page 5-7).
Example
rogue-ap duration
This command sets the scan duration for detecting access points.
Syntax
rogue-ap duration <milliseconds>
milliseconds - The duration of the scan. (Range: 100-1000 milliseconds)
Enterprise AP(if-wireless g)#rogue-ap enable
configure either syslog or trap or both to receive the rogue APs
detected.
Enterprise AP(if-wireless g)#
Enterprise AP(if-wireless g)#rogue-ap authenticate
Enterprise AP(if-wireless g)#