12-07-2015 08:47 AM
We have recently started looking at rogue APs using Airwave. We have started with two simple rules. The first is to tag it as a rogue if it's detected via wireless and on the wired. The second one is to tag it as a rogue if it detects any AP broadcasting any of our SSIDs.
With those two rules we are seeing a total of 11 rogues being detected via the SSID spoofing rule. One actually is right in our working area. I've used Airmagnet WiFi Analyzer to find the device and there is absolutely nothing in the area. Has anyone else seen this type of issue of Airwave reporting these types of rogues that don't exist?
12-07-2015 10:07 AM
After doing more research, found that the local controller had a device that Airwave was marking as rogue (SSID Spoofing). The details of it stated that it was down. I believe this was an old entry and deleted from the local controller. Deleted all from Airwave and let it find the rogues again. It didn't report the one that was deleted from the local controller and the local controller is not reporting it again. I'm wondering why Airwave was reporting it as a rogue and that it was detected via wireless when clearly the device didn't exist.
Is there a command to completely delete all rogue type devices so I can start with a clean slate?