Home
Support

Cisco Catalyst Center Rogue Management and aWIPS Application Quick Start Guide, Release 3.1.x

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Catalyst Center Rogue Management and aWIPS Application

Introduction to the Rogue Management and aWIPS application
About Rogue Management
About Advanced Wireless Intrusion Prevention System
Scale information
Basic setup workflow

Install Catalyst Center Rogue Management Application Package

Application management
Download and Install the Rogue Management and aWIPS application package

Monitor the Rogue and aWIPS Dashboard

Access the Rogue Management and aWIPS application
Monitor the Rogue Management and aWIPS dashboard
Monitor network rogue threats
Get rogue AP and rogue client details from the Threat 360° view
Download aWIPS profile forensic capture from the Threat 360° view
Deploy your device configurations now or later
Preview and deploy your device configurations

aWIPS Profiles

About aWIPS profiles
Create an aWIPS profile configuration workflow
View an aWIPS profile
Assign an aWIPS profile to the network device
Edit an aWIPS profile
Delete an aWIPS profile
Enable or disable aWIPS or aWIPS forensic capture

Rogue AP Containment on Wired and Wireless Networks

Rogue AP Containment overview
Wired rogue AP containment
Wireless Rogue AP Containment
Cisco Rogue AP Containment Actions Compatibility Matrix
View tasks and audit logs of rogue AP containment type

Custom Classification of Rogue APs

About the allowed list workflow
Set up the allowed list workflow
About custom rogue rule creation
Edit a rogue rule
Delete a rogue rule
Create a custom rogue rule
About rogue rule profiles
Edit a rogue rule profile
Delete a rogue rule profile
Create a rogue rule profile
View the allowed access points list
About the allowed vendor list
View vendor rule list information
Edit a vendor rule
Delete a vendor rule
Create a list of allowed vendors

Rogue and aWIPS Event Notifications

Information about the rogue and aWIPS event notifications

Wired rogue AP containment

Updated: December 15, 2025

Want to summarize with AI?

Overview

Banner with a blue check mark indicates that the Wireless Rogue AP Containment request is in progress.

The Wired Rogue AP Containment feature allows Catalyst Center to shut down the ACCESS mode interface on the switch to which a rogue AP is physically attached. Catalyst Center performs wired rogue AP containment only on ACCESS mode interfaces, because shutting down any other mode might bring the network down.

If the rogue AP is attached to non-ACCESS mode interfaces, the network admin must contain the interface either manually or through a CLI command.

This procedure describes how to perform wired rogue AP containment on an ACCESS mode interface classified as Rogue on Wire in Catalyst Center.

Before you begin

Download and install the rogue and aWIPS application package. For more information, see Download and Install the Rogue Management and aWIPS application package.

Ensure that you have write permission from the provision API, scheduler API, and rogue side to perform this procedure.

Procedure

	1.	From the main menu, choose Assurance > Rogue and aWIPS > Threats.
	2.	Click the rogue AP MAC address is classified as Rogue on Wire in the Threat MAC address column. The Threat 360 window appears.
	3.	From the Action drop-down list, select Shutdown Switchport. A warning dialog box displays the list of ACCESS mode interfaces to be shut down on the corresponding device, and Configuration Preview information. Note The Shutdown Switchport option appears in the Action drop-down list only when the rogue AP MAC address is marked as Rogue on Wire. For more information, see the Cisco Rogue AP Containment Actions Compatibility Matrix. The Shutdown Switchport action is irreversible. You must manually bring the switchport back up.
	4.	In the Configuration Preview tab, review the configurations and click Yes. Note The Configuration Preview tab appears only when Configuration Preview is enabled. For information on how to enable this preview, see the "Enable Visibility and Control of Configurations" topic in the Cisco Catalyst Center Administrator Guide.
	5.	The Threat 360 window displays the wired rogue AP containment status: A banner with a blue check mark indicates that the wired rogue AP containment request is in progress. A banner with a green check mark indicates that the wired rogue AP containment is initiated successfully on the corresponding interface. A banner with a red check mark indicates that the wired rogue AP containment request failed. Note After containment is initiated, it takes some time for the interface state to be updated from Rogue on Wire to another threat classification type. The Rogue on Wire classification type changes to another classification type upon the arrival of the next wireless rogue message for the same rogue AP. If a rogue AP MAC address is classified as Rogue on Wire, but no ACCESS mode interfaces are up to initiate the containment, Catalyst Center disables the Shutdown Switchport option in the Action drop-down list. Note You cannot initiate Wireless Rogue AP Containment unless the rogue AP to which it corresponds to is as long as in the Rogue on Wire classification type. For more information, see Wireless Rogue AP Containment.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.