Network Management

Reply
New Contributor
Posts: 2
Registered: ‎06-20-2013

Airwave Rogue APs SSID Spoofing - can't find the Rogue onsite

We have recently started looking at rogue APs using Airwave.  We have started with two simple rules. The first is to tag it as a rogue if it's detected via wireless and on the wired.  The second one is to tag it as a rogue if it detects any AP broadcasting any of our SSIDs.

 

With those two rules we are seeing a total of 11 rogues being detected via the SSID spoofing rule.  One actually is right in our working area.  I've used Airmagnet WiFi Analyzer to find the device and there is absolutely nothing in the area.  Has anyone else seen this type of issue of Airwave reporting these types of rogues that don't exist?

New Contributor
Posts: 2
Registered: ‎06-20-2013

Re: Airwave Rogue APs SSID Spoofing - can't find the Rogue onsite

After doing more research, found that the local controller had a device that Airwave was marking as rogue (SSID Spoofing). The details of it stated that it was down.  I believe this was an old entry and deleted from the local controller.  Deleted all from Airwave and let it find the rogues again.  It didn't report the one that was deleted from the local controller and the local controller is not reporting it again.  I'm wondering why Airwave was reporting it as a rogue and that it was detected via wireless when clearly the device didn't exist.

 

Is there a command to completely delete all rogue type devices so I can start with a clean slate?

MVP
Posts: 1,407
Registered: ‎11-30-2011

Re: Airwave Rogue APs SSID Spoofing - can't find the Rogue onsite


silwi wrote:

Is there a command to completely delete all rogue type devices so I can start with a clean slate?


isnt that what you already did?

Search Airheads
Showing results for 
Search instead for 
Did you mean: