Are those wireless mac addresses your access points, or no?

no they are not our APs and they are not physically attached to our network, they appear to be neighbors being automatically classified as rogues, best I can tell is the Minus-one-match method is assuming that two consecutive macs must represent wired and wireless interfaces but does not take into account two consecutive wireless macs, E.g. 2.4 and 5 Ghz radios on one AP having separate mac addresses.

 

One of those macs would need to be wired for it to classify using the +1 rule.

Doesn’t seem so, else why would both macs have unique SSIDs associated with them?

​​​​​
Alan Mercer
Technical Systems Architect
Catholic Charities Information Technology
1966 Greenspring Dr.
Suite 200
Timonium, Md. 21093
667-600-2270
Fax: (410) 561-7755
amercer@cc-md.org

Please note phone number change above effective on 9/23/2016

For support issues please contact the Support Desk at : (1-844-323-5477) or support@cc-md.org


To find out more about Catholic Charities please visit: www.cc-md.org

[cid:image001.png@01CF63AF.EE50C0D0] [cid:image002.png@01CF63AF.EE50C0D0]
Please follow us on Facebook and Twitter
[cid:image003.png@01CF63AF.EE50C0D0]
Our Mission: Inspired by the Gospel mandates to love, serve and teach, Catholic Charities provides care and services to improve the lives of Marylanders in need.
Disclaimer: This message is confidential, intended only for the named recipient(s), and may contain information that is legally privileged. If you are not the intended recipient(s), you are notified that the disclosure, dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and delete this e-mail from your computer. Thank you.

Doesn’t seem so, else why would both macs have unique SSIDs associated with them?

​​​​​
Alan Mercer
Technical Systems Architect
Catholic Charities Information Technology
1966 Greenspring Dr.
Suite 200
Timonium, Md. 21093
667-600-2270
Fax: (410) 561-7755
amercer@cc-md.org

Please note phone number change above effective on 9/23/2016

For support issues please contact the Support Desk at : (1-844-323-5477) or support@cc-md.org


To find out more about Catholic Charities please visit: www.cc-md.org

[cid:image001.png@01CF63AF.EE50C0D0] [cid:image002.png@01CF63AF.EE50C0D0]
Please follow us on Facebook and Twitter
[cid:image003.png@01CF63AF.EE50C0D0]
Our Mission: Inspired by the Gospel mandates to love, serve and teach, Catholic Charities provides care and services to improve the lives of Marylanders in need.
Disclaimer: This message is confidential, intended only for the named recipient(s), and may contain information that is legally privileged. If you are not the intended recipient(s), you are notified that the disclosure, dissemination, distribution or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at either the e-mail address or telephone number above and delete this e-mail from your computer. Thank you.

My remark is that is how it is supposed to work.  Have you seen the article here?  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-troubleshoot-rogue-on-IAP/ta-p/213315

 

That article does not explain the plus one rule nor why two consecutive macs both associated with wireless SSIDs would be detected as wired.  Everything about this still says false positive and and one that would likely occur quite frequently.  It appears to be a flawed signature used for rogue detection and would not be the first bug in Airwave and the instant OS I have reported in our short time using the product.

 

I'm at the point that I will have to open a support ticket on this given the answer is not here.

 

That is the best approach.