Rogue APs are typically devices that are on your wired network and are rebroadcasting that without any security.  In this case the AP is simply a wireless bridge.  It is no different than a client associating to the AP and gathering data.  In this case how has the ap client gained access to the PSK to join the network?  That would be the real security issue to me.  Someone has broken your security mechanism and gained access to the network.  That ap client could just as easily be a real client that is pulling down data and storing it locally.  That would be a security risk as well.

Hi,

Really, this is a wireless bridge. The tittle is not correct.

Our institution have many users with guest psk access and the wireless bridge could be installed in any place into the campus.

Is there any procedure to solve this problem? The internal users are dangerous many times.

Thanks

I am not sure that we can tell that there is NATTED traffic behind a valid user.  If you are using a PSK to get on your network and someone has the PSK, they are authorized, along with the traffic behind them.  There is no real way to detect that.

Your big issue is that you cannot disable users individually, because you are using a shared PSK.

Ok, thanks for your answer.

But I thought the "detect wireless bridge" in IDS profile could detect it..