Guest

Preview Tool

Cisco Bug: CSCuq88748 - Rogue APs wrong classification from malicious to unclassified

Last Modified

Oct 20, 2016

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

7.4(122.25)

Description (partial)

Symptom:
Rogue APs classification is having unexpected behaviors:
- AP is first recognized as Rogue and put on the unclassified APs section.
- It matches the only Rogue classification rule to put the AP in "malicious" mode if it is heard with RSSI value at -55dBm or higher.
- In less than a couple of minutes the Rogue AP is reclassified to the unclassified APs section just because another AP heard this Rogue with a lower RSSI value than the one configured on the only rule. When this "reclassification" occurs, the WLC reports this state was changed by a "Rule" with a "Rule Name" of default (which doesn't exist).

Conditions:
Rogue AP classification based on rules is not working as expected on 7.4. We can see how the same Rogue AP jumps from malicious to unclassified when detected by multiple APs with different RSSI values, even though this should not happen:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_0111110.html#reference_B9751F90B09647719D7B49BD1F2C165F
"- If rogue is classified as malicious, irrespective of the state it does not get re-classified on subsequent rogue reports.
- Transition of the rogue's state from malicious to any other classification is not possible by any rogue rule."
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.