Home
Support
Product Support
Cloud and Systems Management
Cisco Catalyst Center
End-User Guides

Cisco Catalyst Center Rogue Management and aWIPS Application Quick Start Guide, Release 3.2.x

Releases

3.2.x
3.1.x
2.3.7.x

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Expand all sections

About this content

Catalyst Center Rogue Management and aWIPS Application

Introduction to the Rogue Management and aWIPS application
About Rogue Management
About Advanced Wireless Intrusion Prevention System
Scale information
Basic setup workflow

Install Catalyst Center Rogue Management Application Package

Application management
Download and Install the Rogue Management and aWIPS application package

Monitor the Rogue and aWIPS Dashboard

Access the Rogue Management and aWIPS application
Monitor the Rogue Management and aWIPS dashboard
Monitor network rogue threats
Get rogue AP and rogue client details from the Threat 360° view
Download aWIPS profile forensic capture from the Threat 360° view
View details of all rogue APs on a floor in a floor map
Deploy your device configurations now or later
Preview and deploy your device configurations

aWIPS Profiles

About aWIPS profiles
Create an aWIPS profile configuration workflow
View an aWIPS profile
Assign an aWIPS profile to the network device
Edit an aWIPS profile
Delete an aWIPS profile
Enable or disable aWIPS or aWIPS forensic capture

Rogue AP Containment on Wired and Wireless Networks

Rogue AP Containment overview
Wired rogue AP containment
Wireless Rogue AP Containment
Cisco Rogue AP Containment Actions Compatibility Matrix
View tasks and audit logs of rogue AP containment type

Custom Classification of Rogue APs

About the allowed list workflow
Set up the allowed list workflow
About custom rogue rule creation
Edit a rogue rule
Delete a rogue rule
Create a custom rogue rule
About rogue rule profiles
Edit a rogue rule profile
Delete a rogue rule profile
Create a rogue rule profile
View the allowed access points list
About the allowed vendor list
View vendor rule list information
Edit a vendor rule
Delete a vendor rule
Create a list of allowed vendors

Rogue and aWIPS Event Notifications

Information about the rogue and aWIPS event notifications

Custom Classification of Rogue APs

Updated: May 5, 2026

Overview

Explains how to create custom rules, manage allowed lists, and classify rogue devices based on risk.

About the allowed list workflow

Introduces the allowed list workflow in Catalyst Center, enabling administrators to move specific rogue AP MAC addresses to an allowed list in bulk. Outlines supported rogue types, such as Rogue on Wire and Honeypot, while identifying threat categories that are excluded from this functionality.

Set up the allowed list workflow

Details the workflow for managing allowed rogue APs in Catalyst Center, including bulk CSV uploads and individual MAC address management. Explains the necessary administrative permissions, file validation requirements, and how to update threat categories to ensure accurate network security monitoring.

About custom rogue rule creation

It looks like you've captured the essence of custom rogue rules in Catalyst Center. This summary effectively highlights how these rules help administrators minimize noise and tailor threat management to their specific organizational needs.

Edit a rogue rule

Provides instructions for editing existing rogue rules in Catalyst Center, including modifying rule conditions and managing auto-containment settings. Explains that configuration changes apply only to new data and highlights specific constraints for enabling automatic containment for Honeypot and high-level threats.

Delete a rogue rule

Provides instructions for deleting rogue rules in Catalyst Center, noting that predefined rules like Honeypot cannot be removed. Explains that deleting the last rule in a profile removes the entire profile and allows you to view previously deleted items under the Inactive tab.

Create a custom rogue rule

Provides instructions for creating custom rogue rules in Catalyst Centerby defining specific threat conditions and associating them with rule profiles. Details how to configure threat levels, enable auto-containment for high-level threats, and manage rule priorities to effectively classify and mitigate network security risks.

About rogue rule profiles

Introduces rogue rule profiles in Catalyst Center, which allow you to group and prioritize specific rogue rules for site-based threat management. Explains how rule profiles are inherited through the network hierarchy and how direct floor-level assignments take precedence over inherited parent-site configurations.

Edit a rogue rule profile

Guides you through editing rogue rule profiles in Catalyst Center, including managing rule associations and auto-containment settings. Explains that configuration updates apply only to new data and notes that the predefined Honeypot rule is automatically included in all new profiles for consistent threat management.

Delete a rogue rule profile

Provides instructions for deleting rogue rule profiles in Catalyst Center. Explains how to navigate to the Rogue Rule Profiles tab to select and remove specific profiles from the system.

Create a rogue rule profile

Details the process of creating a rogue rule profile in Catalyst Center, including adding specific rules, setting their priority, and associating the profile with a site. Explains how to configure auto-containment settings and verify the final configuration to ensure effective threat management across your network.

View the allowed access points list

Guides you through accessing and managing the Allowed Access Points list in Catalyst Center. Explains how to view MAC addresses, search or filter specific entries, export the list to CSV, and add or remove access points to maintain accurate threat detection.

About the allowed vendor list

Introduces the Allowed Vendor List feature, which enables you to reclassify threats from specific vendors as Potential or Informational rather than High. Explains that you can add up to five vendors per workflow and that site-specific vendor rules take precedence over inherited configurations.

View vendor rule list information

Provides instructions for viewing the list of created vendor rules in Catalyst Center. Details how to navigate to the Allowed Vendor List table to review vendor names, match criteria, assigned threat levels, associated site information, and the last update timestamp.

Edit a vendor rule

Details the procedure for editing existing vendor rules in Catalyst Center, including modifying vendor names, match criteria, threat levels, and associated sites. Explains how to save these changes to ensure your allowed vendor configurations remain current and aligned with your network security requirements.

Delete a vendor rule

Provides instructions for deleting vendor rules in Catalyst Center. Explains how to navigate to the Allowed Vendor List tab to select and remove specific vendor rules from your network security configuration.

Create a list of allowed vendors

Provides instructions for creating an allowed vendor list in Catalyst Center, allowing you to reclassify vendor threats as Potential or Informational. Details how to define selection criteria, add up to five vendors per workflow, and apply these rules to specific sites within your network hierarchy.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.