Cisco Wireless AP Modes

Many Cisco APs can operate in autonomous or lightweight mode; this depends on the image that you run.

An AP that serves wireless clients is in local mode. Besides local mode, there are other AP modes. In this lesson, we’ll take a look at each AP mode.

AP Modes


Local mode is the default mode; it offers a BSS on a specific channel. When the AP doesn’t transmit wireless client frame, it’s still doing something behind the scenes. The AP scans other channels to:

  • Measure noise
  • Measure interference
  • Discover rogue devices
  • Check for matches against IDS events


An AP in monitor mode doesn’t transmit at all. It’s a dedicated sensor that:

  • Checks Intrusion Detection System (IDS) events
  • Detects rogue APs
  • Determines the position of wireless stations

Because the AP is only in monitor mode, it won’t broadcast an SSID so clients are unable to connect to the AP.


It’s possible to connect a local mode AP at a remote branch to the HQ’s WLC. This works, but it’s not a good idea. First of all, the AP encapsulates all wireless client data through the CAPWAP tunnel over the WAN link. Secondly, when the WAN link is down, your wireless network at the branch site is offline too.

FlexConnect is an AP mode for situations like the one above. The AP can locally switch traffic between a VLAN and SSID when the CAPWAP tunnel to the WLC is down.


An AP in sniffer mode dedicates its time to receive 802.11 wireless frames. The AP becomes a remote wireless sniffer; you can connect to it from your PC with an application like Wildpackets Omnipeek or Wireshark. This can be useful if you want to troubleshoot a problem and you can’t be on-site. When an AP is in sniffer mode, it won’t broadcast an SSID so clients can’t connect to the AP.

Rogue Detector

Rogue detector mode makes the AP detect rogue devices full-time. The AP checks for MAC addresses it sees in the air and on the wired network. When the AP is in rogue detector mode, it can switch between rogue detection and serving clients. The AP can still broadcast an SSID and clients can connect to the AP.


The AP becomes a dedicated point-to-point or point-to-multipoint bridge. Two APs in bridge mode can connect two remote sites. Multiple APs can also form an indoor or outdoor mesh. You can’t connect to the bridge with clients.

Flex plus Bridge

The AP can operate in either FlexConnect or Bridge/Mesh mode. This AP mode combines the two; it allows APs in mesh mode to use FlexConnect capabilities.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 791 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

1536 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hi Rene,

    In monitor mode the AP detect the rough APs, also in rogue detector mode it’s detect rough devices, so can you give more detail about the different between two mode in detector matter, in other word what you mean by rough devices so I can see the different ? do you mean that it’s check for mac address that pre-defined somewhere and give us a notification about it ? I want the full picture of this so I can visualize the use cases of this rogue detector mode.

  2. Hello Hussein

    First of all it’s important to understand what the term rogue refers to. It doesn’t only refer to access points, but also to clients that have erroneously connected to those access points. There are two things that can be done to contain both the rogue AP and the rogue clients that have connected to them. The first has to do with the rogue clients, while the second has to do with the rogue AP itself.

    1. When a rogue client is detected, the legitimate access points can send a de-authentication packet to these clients that will disassociate them
    ... Continue reading in our forum

  3. Thanks Laz, it’s very useful summary of this cisco doc.

  4. Hello,

    I am interested in the difference between Sniffer Mode and SE-Connect Mode. Both seem to have wireless sniffing properties.


  5. Hello Cool

    Sniffer mode is used to capture Layer 2 wireless frames and send them to a packet analyzer program such as Wireshark. In this mode, the AP will actively receive frames, and process them, and send them to the configured packet analyzer. There they can be saved into .pcap files (for Wireshark) for examination at a later time.

    SE-Connect mode is different, in that it is used to perform spectrum analysis. The AP will “listen” to the RF band in the air and record the frequencies and wavelengths it “hears”. This is useful in discovering all of the sour

    ... Continue reading in our forum

21 more replies! Ask a question or join the discussion by visiting our Community Forum