A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP. How must the alarms be stopped for the MAC address of the AP?
Keyword is "legitimate autonomous AP"
Answer is D
I think option B will kick the clients, which you probably don't want
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc23
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc34
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#anc32
Also search for "Valid client on Rogue AP" in the provided links.
I agree based on the article:
"In order to classify a rogue AP as friendly, malicious, or unclassified, navigate to Monitor > Rogue > Unclassified APs, and click the particular rogue AP name. Choose the option from the drop-down list, as shown in the image."
Taken from the article in the link.
Yes, you're right.
In the docs you'll find a discussion on exactly what "containment" is in this context:
"Containment is a method that uses over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works with the spoof of de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off."
Since it's a legitimate friendly AP, that's obviously not what you want to do.
Rule-Based Classification Type: Friendly
Rogue States:
• Internal—If the unknown access point is inside the network and poses no threat to WLAN security, you would manually configure it as Friendly, Internal. An example is the access points in your lab network.
• External—If the unknown access point is outside the network and poses no threat to WLAN security, you would manually configure it as Friendly, External. An example is an access point that belongs to a neighboring coffee shop.
• Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list.
link
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-2/configuration_guide/b_162_consolidated_3850_cg/b_162_consolidated_3850_cg_chapter_01100101.pdf
On a Cisco Wireless LAN Controller (WLC), when a rogue AP alarm is received and it is determined that the AP is indeed legitimate, you can stop the alarms for that particular AP by designating it as a 'Friendly' AP. This is done to acknowledge that the AP is known and not a security threat. The correct way to stop the alarms for the MAC address of a legitimate autonomous AP is:
D. Set the AP Class Type to Friendly.
By classifying the AP as 'Friendly,' the WLC recognizes the AP as a known and trusted device, and it will not trigger rogue AP alarms for that MAC address in the future. This is the standard way of handling such a scenario on a Cisco WLC.
Answer is D: "If a rogue AP is classified as friendly, it means that the rogue AP exists in the vicinity, is a known AP, and need not be tracked. Therefore, all the rogue clients are either deleted or not tracked if they are associated with the friendly rogue AP." https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml
B will remove the client from the network by using the nearby legitimate APs to jam it. This doesn't turn off the alarms either: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/112045-handling-rogue-cuwn-00.html#toc-hId--1159393380
Manual containment is the appropriate action in this case. It allows you to manually identify the AP as legitimate and prevent the WLC from sending rogue AP alarms for that specific AP. This way, the WLC will stop treating it as a rogue and generating alarms while still being managed by the WLC.
When the controller receives a rogue report from one of its managed access points, it responds as follows:
1. The controller verifies that the unknown access point is in the friendly MAC address list. If it is, the controller classifies the access point as Friendly.
2. If the unknown access point is not in the friendly MAC address list, the controller starts applying rogue classification rules.
Source:
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml
A WLC will send alarms about a rogue AP when it detects an AP that is not under its management. This can happen when a legitimate autonomous AP is installed on the network. To stop the alarms, the network administrator must set the AP Class Type to Friendly. This will tell the WLC that the AP is a legitimate AP and that it should not send alarms about it.
The other options are incorrect for the following reasons:
Removing the AP from WLC management will stop the alarms, but it will also prevent the WLC from managing the AP. This is not necessary, since the AP is a legitimate AP.
Placing the AP into manual containment will stop the alarms, but it will also prevent the AP from being used by clients. This is not necessary, since the AP is a legitimate AP.
Manually removing the AP from Pending state will not stop the alarms. The WLC will continue to send alarms about the AP until the AP Class Type is set to Friendly.
Answer is D.
Search for "Table 1. Classification Mapping" in the following link:
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/wireless/controller/7-5/configuration-guide/b_cg75/b_cg75_chapter_0111010.html.xml
Regards,
If the alarms sent by the WLC are caused by a legitimate autonomous AP, the most appropriate action to stop the alarms for the MAC address of the AP is:
B. Place the AP into manual containment.
Manual containment is a method used to block a rogue AP and prevent it from interfering with the wireless network. It is a more targeted and less disruptive method compared to removing the AP from WLC management altogether, which would result in loss of connectivity for the AP.
Rogue Classification Rules
Rogue classification rules allow you to define a set of conditions that mark a rogue as either malicious or friendly. These rules are configured at the PI or the WLC, but they are always performed on the controller as new rogues are discovered.
Rogue Containment
Containment is a method that uses over-the-air packets to temporarily interrupt service on a rogue device until it can physically be removed. Containment works with the spoof of de-authentication packets with the spoofed source address of the rogue AP so that any clients associated are kicked off.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010111001.html
Internal—If the unknown access point is inside the network and poses no threat to WLAN security, you would manually configure it as Friendly, Internal. An example is the access points in your lab network.
External—If the unknown access point is outside the network and poses no threat to WLAN security, you would manually configure it as Friendly, External. An example is an access point that belongs to a neighboring coffee shop.
Alert—The unknown access point is moved to Alert if it is not in the neighbor list or in the user-configured friendly MAC list.