A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
To stop alarms for a legitimate autonomous AP, the network administrator should set the AP Class Type to Friendly. This action informs the Wireless LAN Controller (WLC) that the AP is recognized and trusted, effectively stopping further rogue AP alarms for that particular MAC address. Other actions such as removing the AP from WLC management, placing it into manual containment, or manually removing it from a pending state are either unnecessary or would disrupt the network for legitimate users.
Keyword is "legitimate autonomous AP" Answer is D I think option B will kick the clients, which you probably don't want https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc23 https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc34 https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc32 Also search for "Valid client on Rogue AP" in provided links
I agree basIn order to classify a rogue AP as friendly, malicious, or unclassified, navigate toMonitor > Rogue > Unclassified APs, and click the particular rogue AP name. Choose the option from the drop-down list, as shown in the image.ed on the article" Taken from the article in the link "
Didnt paste that in so smoothly but you get my point
Yes, you're right. In the docs you'll find a discussion on exactly what "containment" is in this context: "Containment is a method that uses over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works with the spoof of de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off." Since it's a legitimate friendly AP, that's obviously not what you want to do.
Fk you net acad
The Answer is D
A WLC will send alarms about a rogue AP when it detects an AP that is not under its management. This can happen when a legitimate autonomous AP is installed on the network. To stop the alarms, the network administrator must set the AP Class Type to Friendly. This will tell the WLC that the AP is a legitimate AP and that it should not send alarms about it. The other options are incorrect for the following reasons: Removing the AP from WLC management will stop the alarms, but it will also prevent the WLC from managing the AP. This is not necessary, since the AP is a legitimate AP. Placing the AP into manual containment will stop the alarms, but it will also prevent the AP from being used by clients. This is not necessary, since the AP is a legitimate AP. Manually removing the AP from Pending state will not stop the alarms. The WLC will continue to send alarms about the AP until the AP Class Type is set to Friendly.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010111001.html Internal—If the unknown access point is inside the network and poses no threat to WLAN security, you would manually configure it as Friendly, Internal. An example is the access points in your lab network. External—If the unknown access point is outside the network and poses no threat to WLAN security, you would manually configure it as Friendly, External. An example is an access point that belongs to a neighboring coffee shop. Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list.
Answer is D
Rule-Based Rogue States Classification Type • Internal—If the unknown access point is inside the network and poses no threat to WLAN security, you would manually configure it as Friendly, Internal. An example is the access points in your lab network. • External—If the unknown access point is outside the network and poses no threat to WLAN security, you would manually configure it as Friendly, External. An example is an access point that belongs to a neighboring coffee shop. • Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list. Friendly link https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-2/configuration_guide/b_162_consolidated_3850_cg/b_162_consolidated_3850_cg_chapter_01100101.pdf
Must be more D than B
On a Cisco Wireless LAN Controller (WLC), when a rogue AP alarm is received and it is determined that the AP is indeed legitimate, you can stop the alarms for that particular AP by designating it as a 'Friendly' AP. This is done to acknowledge that the AP is known and not a security threat. The correct way to stop the alarms for the MAC address of a legitimate autonomous AP is: D. Set the AP Class Type to Friendly. By classifying the AP as 'Friendly,' the WLC recognizes the AP as a known and trusted device, and it will not trigger rogue AP alarms for that MAC address in the future. This is the standard way of handling such a scenario on a Cisco WLC.
it´s D
Answer is D: "If a rogue AP is classified as friendly, it means that the rogue AP exists in the vicinity, is a known AP, and need not be tracked. Therefore, all the rogue clients are either deleted or not tracked if they are associated with the friendly rogue AP." https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml B will remove the client from the network by using the nearby legitimate APs to jam it. This doesn't turn off the alarms either: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#toc-hId--1159393380
Manual containment is the appropriate action in this case. It allows you to manually identify the AP as legitimate and prevent the WLC from sending rogue AP alarms for that specific AP. This way, the WLC will stop treating it as a rogue and generating alarms while still being managed by the WLC.
When the controller receives a rogue report from one of its managed access points, it responds as follows: 1. The controller verifies that the unknown access point is in the friendly MAC address list. If it is, the controller classifies the access point as Friendly. 2. If the unknown access point is not in the friendly MAC address list, the controller starts applying rogue classification rules. Source: https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml
If the rogue access point is not on the network, the controller marks the rogue state as Alert, and you can manually contain the rogue.
Answer is D. Search for "Table 1. Classification Mapping" in following link: https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml Regards,
If the alarms sent by the WLC are caused by a legitimate autonomous AP, the most appropriate action to stop the alarms for the MAC address of the AP is: B. Place the AP into manual containment. Manual containment is a method used to block a rogue AP and prevent it from interfering with the wireless network. It is a more targeted and less disruptive method compared to removing the AP from WLC management altogether, which would result in loss of connectivity for the AP.
Rogue Classification Rules Rogue classification rules, allow you to define a set of conditions that mark a rogue as either malicious or friendly. These rules are configured at the PI or the WLC, but they are always performed on the controller as new rogues are discovered.
Rogue Containment Containment is a method that uses over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works with the spoof of de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off.
https://www.cisco.com/c/dam/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00-14.jpeg