Rogue AP Containment Overview
The Catalyst Center Rogue AP Containment feature contains the wired and wireless rogue APs. In case of wired rogue AP containment, Catalyst Center brings the ACCESS mode switchport interface to the DOWN state in which the rogue AP is attached. In case of Wireless Rogue AP Containment, Catalyst Center instructs the strongest detecting wireless controller to initiate containment on wireless rogue BSSIDs. The wireless controller, in turn, instructs the strongest detecting APs for those BSSIDs to stream the deauthentication packets to disrupt the communication between the rogue APs and the wireless clients of that rogue AP.
Rogue AP containment is further classified as:
-
Wired Rogue AP Containment: The rogue AP MAC addresses classified as Rogue on Wire on the Catalyst Center rogue threat dashboard.
-
Wireless Rogue AP Containment: The rogue AP MAC addresses classified as Honeypot, Interferer, or Neighbor on the Catalyst Center rogue threat dashboard.
Rogue AP containment is supported on Cisco AireOS Controllers and Cisco Catalyst 9800 Series Wireless Controllers.
Note |
Containment is not supported on aWIPS threats. |