Version 4.1 - 1.8 Wireless Part 3
Let's begin this section with Rogue APs. At the 1,000-foot level, Rogue APs are simply APs in your area that you do not control. They are not necessarily malicious, but they could be. Someone in a cubicle setting up an AP could cause problems. Enterprise clients could mistakenly connect to it - and there's another Help Desk call. That's minor. The bigger issue is when someone (or some department) sets up an AP and connects it to the port in their cubicle. Those are the rogue APs that are more concerning.
Here's the Cisco Documentation on Rogue Management in a Unified Wireless Network. You really should read this document.
Basically, rogue detection relies on managed APs to scan around and rat out the rogue APs. Think about it. A good AP takes some time every now and then to see if it can connect to anything around it. And then it notes if it can and sends the information on to the "network" (basically to the WLC). The "network" knows all the MACs on its ports. Now if an AP on SW1 (with a known MAC) is able to connect to a Rogue AP and try to send traffic - well, that traffic will be seen on SW3 (where it shouldn't be) and that's a big red flag, isn't it? One of the things that these processes don't cover is an area without wireless. If someone in Bldg 10 (which doesn't have managed APs) plugs their own AP into the switch, there are no authorized APs to detect it. This is where CDP and SNMP come into play. But you see where I'm going with this, right? Would anybody even think about wireless if it's not set up and provisioned in that location?
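One way to do the correlation described above, matching rogues heard by managed APs against the MACs learned on switch ports, with a wired-only fallback for a building that has no managed APs. This is an added example, not code from the original post or from Cisco; the function names, the adjacent-MAC heuristic, the two-MACs-per-port baseline and all sample data are assumptions made for illustration.

```python
from collections import defaultdict

def mac_int(mac):
    """Normalise aa:bb:.., aa-bb-.. or aabb.ccdd.eeff notation to an integer."""
    return int(mac.translate(str.maketrans("", "", ":-.")), 16)

def find_wired_rogues(rogue_reports, cam_table, trunks=(), max_macs=2):
    """Return {(switch, port): [reasons]} for access ports that look like rogue APs."""
    by_mac, per_port = {}, defaultdict(set)
    for switch, port, mac in cam_table:
        if (switch, port) in trunks:          # uplinks legitimately carry many MACs
            continue
        by_mac[mac_int(mac)] = (switch, port)
        per_port[(switch, port)].add(mac_int(mac))

    findings = defaultdict(list)
    for rogue in rogue_reports:
        bssid = mac_int(rogue["bssid"])
        # Assumed heuristic: an AP's wired MAC is often adjacent to its radio MAC.
        for candidate in (bssid - 1, bssid, bssid + 1):
            if candidate in by_mac:
                findings[by_mac[candidate]].append(
                    f"radio {rogue['bssid']} matches wired MAC")
        # A bridging rogue exposes its wireless clients' MACs on the switch port.
        for client in rogue["clients"]:
            if mac_int(client) in by_mac:
                findings[by_mac[mac_int(client)]].append(
                    f"client {client} of rogue {rogue['bssid']} seen on wire")
    # No managed AP in range (the Bldg 10 case): only the wired view is left.
    # max_macs=2 is an assumed baseline (for example a PC behind an IP phone).
    for port, macs in per_port.items():
        if len(macs) > max_macs and port not in findings:
            findings[port].append(f"{len(macs)} MACs on an access port")
    return dict(findings)

# Constructed sample data; every MAC, switch and port name here is made up.
TRUNKS = {("SW1", "Gi1/0/1")}
CAM = [
    ("SW1", "Gi1/0/1", "02:00:00:aa:00:10"),    # same MAC seen on the uplink
    ("SW3", "Gi1/0/12", "02:00:00:aa:00:10"),   # wired side of a rogue AP
    ("SW3", "Gi1/0/20", "02:00:00:bb:00:01"),   # ordinary PC
] + [("SW10", "Gi1/0/7", f"02:00:00:ee:00:0{n}") for n in range(1, 5)]
ROGUES = [
    {"bssid": "02:00:00:aa:00:11", "clients": []},                      # ours
    {"bssid": "02:00:00:cc:00:01", "clients": ["02:00:00:cc:00:99"]},   # neighbour
]

if __name__ == "__main__":
    for port, reasons in find_wired_rogues(ROGUES, CAM, TRUNKS).items():
        print(port, reasons)
```

The neighbour's AP is heard over the air but never appears in the MAC table, so it produces no finding; only rogues that touch the wired network are reported.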
There's one other thing you don't see in the documentation. And it may not be on the exam, but on a real network - remember that detecting the rogue AP is not enough. You have to do something about it. If you've ever been on a WLC, you see the rogues listed. Have you ever met anyone who felt it was "their job" to resolve any of those entries? Granted, most places don't have a dedicated wireless person. It's just one guy who's better at Wireless than maybe the others. And it's only a fraction of their assigned tasks. But most say they know about the entries and they're going to look into it when they get a chance. They never get a chance. Just sayin' -
Another interesting Cisco Doc is the Wireless LAN Controller (WLC) Design and Features FAQ. "When the AP joins a WLC, a Control and Provisioning of Wireless Access Points protocol (CAPWAP) tunnel is formed between the two devices. All traffic, which includes all client traffic, is sent through the CAPWAP tunnel." Yeah, read this doc. [Note: this is covered in the INE videos.]
So I'm looking at the blueprint and "Session Establishment" is awfully vague. Is it the client session with the AP? Is it the AP's connection to the WLC? I think the general connection establishment of both have been covered. Yes, there are more specifics (I didn't discuss WEP, WPA or WPA2) but that would be covered later. At this point, I've reviewed the Wireless material and I feel comfortable with it. I've dealt with Cisco APs. I'm familiar with the configuration files. I've done some Wireless troubleshooting. I'm very familiar with the WLC interface. I've recently passed the SISAS (which includes ISE and integration with WLCs). After writing all this, I surprised myself on how much I knew about wireless. And it's funny how just being a geek (and getting my ham radio Operator license) contributed to some of the things I know. No knowledge is ever wasted. Learn all you can. And with this, I'm putting wireless "to bed."