As discussed previously, several RM functions can be enabled using the SWAN deployment modes. A key component of radio measurements is the capability of Cisco APs, in addition to Cisco and CCX (version 2.0 or above), to measure and report measured RF parameters to the WLSE. Using the Cisco SWAN solution, active APs can measure radio parameters while still servicing WLAN clients. Figure 9-4 illustrates radio monitoring using WDS client APs and Cisco CCX clients. As shown in Figure 9-4, collected RM data is sent to the WDS server, which aggregates the RM data and forwards it to the WLSE for analysis.
To enable WLSE to identify rogue APs, you must discover and identify managed APs and specify their location. You can import a floor plan (GIF/JPEG/BMP format) into the WLSE, and you must identify and place the discovered (that is, managed) APs at appropriate locations on the imported floor plan. After you do this, you can execute the assisted site survey feature to fine-tune the channel and power settings of the access points. The assisted site survey consists of two phases: the AP radio scan and the client walkabout procedure. The WLSE also uses the assisted site survey process to model the RF environment. Chapter 12 discusses the configuration required on the WDS client APs, the WDS server, WLAN clients, and the WLSE to enable radio management features for both SWAN nonswitching deployment mode and the SWAN central switching deployment mode.
After you execute the assisted site survey, it is recommended that you enable radio monitoring on all APs and associated Cisco CCX clients. When the WLSE determines that there are unidentified APs from the collected RM data, it triggers rogue AP alerts. Each rogue AP alert specifies which managed APs are reporting the rogue AP (along with measured signal strength, and so on). Location Manager can be used to triangulate the location of the rogue AP. The WLSE uses the collected RM data, along with the measured signal strength of the rogue AP from the reporting managed APs, to approximate the location of the rogue AP.
Figure 9-5 illustrates two different scenarios of rogue AP detection. In the first scenario, the rogue AP overlaps in RF coverage with the deployed and managed APs; in this case, WDS client AP 1 and 2 detect and report the rogue AP. In the second scenario, a Cisco or CCX client detects and reports the second rogue AP, which is outside the RF coverage area of the managed APs.
After the WLSE detects the rogue AP, the administrator has three choices:
Use the WLSE to triangulate the location of the rogue AP and physically investigate it. If the rogue AP is within the customer premise and physically located, the administrator can remove it.
The second option is to trace the rogue AP over the wired network to determine where it is connected (if it connected to the customer's wired network). WLSE uses detected BSSID (that is, MAC address) information of the rogue AP to trace it within the customer's wired network. If the rogue AP is successfully traced, the administrator has the option to shut down the switch port to which the rogue AP is connected.
The last option is to identify the rogue AP as a "friendly" AP if it is determined to be a valid neighbor's AP. This can be the case in a multitenant environment.