Technical data
Configuring Rogue AP Detection Using the CLI
© 2012 Meru Networks, Inc. Rogue AP Detection and Mitigation 189
Table 12: CLI Commands for Configuring Rogue Detection
Configuring the AP Access and Block Lists with the CLI
The feature uses an Access Control List (ACL) containing a list of allowed BSSIDs and
a list of Blocked BSSIDs. By default, all Meru ESS BSSIDs in the WLAN are automatically
included in the allowed ACL. A BSSID cannot appear in both lists.
To add an access point with a BSSID of 00:0e:cd:cb:cb:cb to the access control list as
an authorized access point, type the following:
controller (config)# rogue-ap acl 00:0e:cd:cb:cb:cb
controller (config)#
To see a listing of all BSSIDs on the authorized list, type the following:
controller# show rogue-ap acl
Allowed APs
BSSID
00:0c:e6:cd:cd:cd
00:0e:cd:cb:cb:cb
A BSSID cannot be on both the blocked list and the access list for rogue AP detection
at the same time. Suppose 00:0c:e6:cd:cd:cd is to be placed on the blocked list. If
this BSSID is already on the authorized list, you must remove the BSSID from the
authorized list, and then add the BSSID to the blocked list, as follows:
controller (config)# no rogue-ap acl 00:0c:e6:cd:cd:cd
controller (config)#
controller (config)# rogue-ap blocked 00:0c:e6:cd:cd:cd
controller (config)# exit
controller# show rogue-ap acl
Allowed APs
BSSID
00:0e:cd:cb:cb:cb
controller# show rogue-ap blocked
BssId Creation Date Last Reported
Rogue Detection Command Action
rogue-ap acl
Adds to list of allowed BSSIDs
rogue-ap blocked
Adds to list of blocked BSSIDs
show rogue-ap globals
Displays current rogue data.
rogue-ap scanning-time
Configures time spent scanning channels
rogue-ap operational-time
Configures time spent performing normal AP WLAN
operations on the home channel