Rogue Classification on AOS 6.0

Aruba Employee
Aruba Employee


The following describes the classifications defined on Aruba controllers.

Rogue - a device that is connected to the wired network. A device will only be automatically marked as a rogue if a gateway MAC has been seen in the wireless traffic coming from the device. Or it can be manually classified as a rogue.

Suspect Rogue - The controller has a number of heuristics to check if a device is on the wire. A lot of those create false positives. An interfering device becomes a suspect rogue if it looks like it is on the wire but the controller isn't 100% confident. The new rules in 6.0 can also classify interfering devices into the suspect rogue state.

Interfering - This is still the default classification a device gets when it is first wirelessly discovered. The controller works to move devices out of this classification to something more specific.

Neighbor - Devices will be classified as neighbor based on the rules defined in the controller or if they have been manually

Valid - Devices that are managed by the controller or other AOS controllers in the mobility domain. Device may be manually classified as Valid. There is also a 'learn-ap' mode that can be used in overlay deployments. When learn-ap mode is enabled, wired and wireless devices (rogues) will be set to valid automatically. This mode is meant to be enabled for a short period of time so the controller can learn the valid devices.

Contained rogue - Users can manually classify devices as 'contained rogue'. Please do not confuse this with the 'contain rogue APs' feature. If that feature is enabled the device will keep the rogue classification and will be marked for containment. Those will appear differently in the UI.

Version history
Revision #:
1 of 1
Last update:
‎06-26-2014 03:44 PM
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: