FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine
OL-8376-01
Chapter 1 FAQs and Troubleshooting
Intrusion Detection System FAQs and Troubleshooting
• Intrusion Detection System FAQs
• Intrusion Detection System Troubleshooting
Intrusion Detection System FAQs
Detecting Rogue APs
• Q. How does WLSE detect rogue APs?
• Q. What is the difference between a rogue and a friendly AP?
• Q. How does the WLSE distinguish between a rogue device and an ad-hoc device?
• Q. How often does rogue AP detection occur and can it be customized?
• Q. How long does it typically take for the WLSE to detect a rogue access point after it is connected to the network?
• Q. Can I disable transmit on an AP and yet allow it to receive signals so that it can participate in rogue AP detection?
• Q. I want to disable Radio Monitoring and detect rogue APs only when AP Radio Scan jobs are scheduled. Is this possible?
• Q. What requirements and configuration are needed before a client can participate in rogue AP detection?
• Q. Can the client be used to help triangulate a rogue AP?
• Q. How can I automatically adjust the channel and power settings on my managed APs to overcome the coverage problems introduced by rogue APs?
• Q. I understand that WLSE does not accept SNMP traps that indicate an AP detected a rogue. So why is an AP that is currently designated as the WDS generating rogue AP SNMP traps?
• Q. I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP (AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP list. When I moved AP1 back to the friendly list, it was immediately (within 40 seconds) moved back to the rogue AP list.
• Q. What should I do when my system is overrun with rogue APs?
• Q. Why is a fault generated regardless of the threshold set for detecting rogue APs with a defined RSSI value under IDS > Manage Network-Wide IDS Settings?
Interference Detection
• Q. Are the Network-Wide > Interference Detection settings of -87 dBm for 10% always the same, or are they the optimal recommended values, or are they calculated depending on the environment? Should they be left alone, or are there any recommendations?
APs in Scanning-Only Mode
• Q. Why are the APs running in scanning-only mode having problems with sporadic connection loss and image upgrade failure?
• Q. Which WLSE IDS functions require dedicated scanning APs?