Wireless Access

Reply
Contributor I
Posts: 32
Registered: ‎07-25-2014

Suspected Rogue/Intefering AP ?

Hi,

 

I have loaded a customer master controller with RFProtect license for WIPS. it is a 3600 controller , running the 6.4.2.3 OS ver. The environment has 1 master and 4 local controllers. I have configured centralized licensing., 

 

We tested with a SOHO Asus router plugged into the wired cat5 outlet on a wall and it showed up as an "Interfering AP" and not as a "suspected Rogue" . Is there any way for me to change the setting so that all such wired intrusions are categorized as "Suspected Rogues" ? 

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Suspected Rogue/Intefering AP ?

Are your APs in dedicated subnets or user subnets? 

Do you have AirWave? Are your wired switched in AirWave? 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: Suspected Rogue/Intefering AP ?

[ Edited ]

.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 32
Registered: ‎07-25-2014

Re: Suspected Rogue/Intefering AP ?

They are in user subnets. We are using Airwave. But it not configured yet for WIPS.

Contributor I
Posts: 32
Registered: ‎07-25-2014

Re: Suspected Rogue/Intefering AP ?

It is on the same VLAN.  Else the controller would not even detect it - is my understanding correct ? 

MVP
Posts: 4,309
Registered: ‎07-20-2011

Re: Suspected Rogue/Intefering AP ?

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Basic-Wired-Wireless-device-correlation-of-detection-rogue-in-3-steps
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 32
Registered: ‎07-25-2014

Re: Suspected Rogue/Intefering AP ?

Does anybody have any other ways to resolve this ? My customr is still facing the issue. A "suspected rogue" is showing up as an "interfering AP" and is allowing him access into the network. 

Moderator
Posts: 321
Registered: ‎08-28-2009

Re: Suspected Rogue/Intefering AP ?


geetauday wrote:

It is on the same VLAN.  Else the controller would not even detect it - is my understanding correct ? 


if the rogue AP is in some vlan 10, and the controller and APs both have no connectivity to vlan 10 at layer 2 then it will be detected as interfering. If the controller and APs have visibility into vlan 10, even at layer 2 trunk level, this should promote it up to suspect-rogue at least.

 

please collect the output of

"show wms ap <bssid>"

"show wms rogue-ap <bssid>"         << won't work for interfering only

 

 

regards

-jeff

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: