Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Rogue Locate Capability and Rogue Device Table

  • 1.  Rogue Locate Capability and Rogue Device Table

    Posted Mar 15, 2013 10:33 AM

    Hi,

     

    1. When I click on a rogue device and try to locate it a new windows comes up and it will show that it is near some APs/AMs (AP and AM configured). However, in a few seconds, the ones that detect it goes away and the detectors are empty. Is this because the signal coming from this rogue ap "gone"? Or is it because the AP configured also as a temporary AM became an AP so it can no longer server as an AM?

     

    2. When rogue devices and security issues are detected, how long are they on the dashboard? Are these removed automatically when these devices are no longer sensed in the network? Or is there  a parameter that basically sets the period as to when these "hits" are placed in the database?

     

    Thanks.



  • 2.  RE: Rogue Locate Capability and Rogue Device Table

    Posted Mar 18, 2013 03:20 AM

    @baboyero wrote:

    Hi,

     

    1. When I click on a rogue device and try to locate it a new windows comes up and it will show that it is near some APs/AMs (AP and AM configured). However, in a few seconds, the ones that detect it goes away and the detectors are empty. Is this because the signal coming from this rogue ap "gone"? Or is it because the AP configured also as a temporary AM became an AP so it can no longer server as an AM?

     

    2. When rogue devices and security issues are detected, how long are they on the dashboard? Are these removed automatically when these devices are no longer sensed in the network? Or is there  a parameter that basically sets the period as to when these "hits" are placed in the database?

     

    Thanks.


    1.  If it is an AP, it only scans for the rogue device part-time.  If it is an AM it should be fairly stable.  Is it a single-radio AP?

    2.  in the IDS wms general profile, there is an ap ageout parameter that determines how long we keep a record of those 3rd-party APs (including rogues) that we have seen in the database.  By default it is 30 minutes.

     



  • 3.  RE: Rogue Locate Capability and Rogue Device Table

    Posted Mar 18, 2013 12:08 PM

    @cjoseph wrote:

    @baboyero wrote:

    Hi,

     

    1. When I click on a rogue device and try to locate it a new windows comes up and it will show that it is near some APs/AMs (AP and AM configured). However, in a few seconds, the ones that detect it goes away and the detectors are empty. Is this because the signal coming from this rogue ap "gone"? Or is it because the AP configured also as a temporary AM became an AP so it can no longer server as an AM?

     

    2. When rogue devices and security issues are detected, how long are they on the dashboard? Are these removed automatically when these devices are no longer sensed in the network? Or is there  a parameter that basically sets the period as to when these "hits" are placed in the database?

     

    Thanks.


    1.  If it is an AP, it only scans for the rogue device part-time.  If it is an AM it should be fairly stable.  Is it a single-radio AP?

    2.  in the IDS wms general profile, there is an ap ageout parameter that determines how long we keep a record of those 3rd-party APs (including rogues) that we have seen in the database.  By default it is 30 minutes.

     


    1. It is a dual radio AP. I notice that this is the case for both deployments with a dedicated air monitor and deployments with only AP/AM. Not sure if it is because the AM goes to a different channel (by that time the information should have been sent to the controller and should be there for some period of time) or because the device stops transmitting ??

     

    2. I saw this, thank you.