Controller-less WLANs

How to troubleshoot rogue on IAP

In this article  we will see the list of debugging and cli commands used to troubleshoot a rouge device in IAP.

 

List of command and debugging used to troubleshoot  Rogue on IAp.

 

Environment : All  IAP Versions.

 

Configure the following debugging level on the IAp to Capture the necessary output.
 
Within IAP cluster: Set security debugging to “Notice” level.


Click on “System” then “Show Advanced Options”

 

rtaImage.png

 

 

Under the “Monitoring” tab set the Security debugging level to “Notice”

 

rtaImage (1).png

 

 

Within the IAP cluster: When you see that the Rouge device is detected, run the below commands from the CLI of the IAP to  understand   how and why these devices are detected as rogue.
 
-show ap monitor ap-list  | include rogue

This command will show the list of devices detected
 
-show log security | include ids-ap

This  command will help us to find out the rouge BSSId and the Match MAC address
 
-show ap monitor ap-wired-mac  <BSSID as per security logs>

This command will help to find out the Match wired Mac .

-show tech-support

To get the complete config

 

Use the following command from the CLI to verify if there is a rouge device detected.

show ap monitor ap-list  | include rogue
 
9c:1c:12:87:33:70  ethersphere-alpha           48    rogue        80211a-VHT-40   disable  23600/9407   0/0     wpa2-other-aes   0      23        23         0      no

 

From GUI
=======

-Click on IDS  to view the rogue and interfering devices.

 

rtaImage (2).png

 

show ap monitor ap-list  | include rogue
 
9c:1c:12:87:33:70  ethersphere-alpha           48    rogue        80211a-VHT-40   disable  23600/9407   0/0     wpa2-other-aes   0      23        23         0      no



show log security | include ids-ap(You can also get this log on a syslog server)
 
“Jun 17 13:16:30 2014 10.64.99.209 sapd[1558]: <106000> <NOTI> <10.64.99.209 0.0.0.0> |ids-ap| AM 00:24:6c:24:0a:d8: Potentially rogue AP detected BSSID 6c:f3:7f:a8:9b:d0 SSID gotonet MATCH MAC 00:27:10:cf:f5:8c
 
show ap monitor ap-wired-mac 6c:f3:7f:a8:9b:d0  à BSSID from above log
 
Wired MAC Table
---------------
mac                age
---                ---
00:27:10:cf:f5:8c 1h:27m:33s  -----MAC address from above log
00:1a:1e:00:66:b8  34m:32s

Version history
Revision #:
1 of 1
Last update:
‎11-04-2014 01:56 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.