Controller-less WLANs

Can we clear/delete the Rogue entries from IAP?

by on ‎08-14-2014 12:35 PM

Question: How to clear a rogue entry from an IAP?

 

There is no option or command in IAP to clear the Rouge entries. The only way to clear the entries is to reboot all the IAP in the cluster.

1) Use the following command to view the rogue devices.

 
  IAP105# show ap monitor ap-list  | include rogue
 
    9c:1c:12:87:33:70  ethersphere-alpha           48    rogue        80211a-VHT-40   disable  23600/9407   0/0     wpa2-other-aes   0      23        23         0      no


2) From the VC Click on “Maintenance” and under the “Reboot” tab select “Reboot All”

 

rtaImage1.png

Comments
alessandro.cristallo@al-enterprise.com
Hello. Is there a way to mark an AP detected as ROGUE as "known" ? How ? Thanks, regards. Alex

Below is the way to mark a Rogue Ap as valid / change the IDS state of an Ap.

 


00:24:6c:c8:68:98# show ap monitor ap-list | include rogue
9c:1c:12:13:c2:11  0237.1x                  11    rogue        80211b/g-HT-20  enable   14907/2649   1/1     wpa2-8021x-aes  0      66        66         0      no

 


00:24:6c:c8:68:98# ids-reclassify ap <mac-addr> <phy_type> <rap_type>

 

<phy_type> ==> phy_type is the radio that the rodue Ap is broadcasting in.

<rap_type> ==> rap_type is the IDS state.
 
00:24:6c:c8:68:98# show ids phy-types

Physical Types
--------------
Keyword  Value
-------  -----
b        0
a        1
g      2
ag      3


00:24:6c:c8:68:98# show ids rap-types

RAP Types
---------
Keyword            Value
-------                   -----
valid                 0
interfering              1
rogue                      2
dos-attack              3
unknown                 4
known-interfering  5
suspect-rogue       6



00:24:6c:c8:68:98# ids-reclassify ap 9c:1c:12:13:c2:11  2  0

00:24:6c:c8:68:98# show ap monitor ap-list | include 9c:1c:12:13:c2:11
9c:1c:12:13:c2:11  0237.1x                  11    valid        80211b/g-HT-20  disable  14982/2649   1/1      wpa2-8021x-aes  0      0         66         0      no

 

00:24:6c:c8:68:98# show snmp trap-queue | include 9c:1c:12:13:c2:11
2014-11-17 14:16:59 An AP (NAME 00:24:6c:c8:68:98 and MAC 00:24:6c:c8:68:98 on RADIO 2) that previously classified an access point (BSSID 9c:1c:12:13:c2:11 and SSID 0237.1x on CHANNEL 11) as rogue, no longer considers it rogue or it was removed from the network.

 

With the above steps, the IDS state can be changed as desired. Also, please note that this can be done via CLI only.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.