I don't have a huge problem, that I know of, with rogue access points right now. I would like to be able to have the reports that lists the rogue access points and have it narrow down the location, maybe to anther couple of legitimate access points close by or to a building. One possible complicating factor is that we are only using one wireless controller (Cisco wlc-5508). Am I asking for the impossible here? Will I have to roll my own poller for the 5508? Right now, I'm happy to have netflow information from it, but not so happy I don't want more and better information.
Maybe part of my problem is that I don't know what fields are stored from the stock poller for the 5500's in the database. I can tell it stores IP address, MAC address, name of the rogue AP, the channel, and the fact that it is talking to my controller. Is there more useful information in the database that might help me figure out what I want to know? If it might help with creating heat maps for wireless coverage, that would be even better as that is on the to-do list.
This is not a high priority thing, but I would like to have the information so we can further tighten our network defenses.