Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Old suspected rogue users - auto delete?

  • 1.  Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 02:13 PM

    How to handle old suspected rogue users? It appears that AirWave is set to never delete old detected rogue users. So I have two questions:

    1. Is there a way to configure old suspect rogue users?

    2. Will that configuration delete the ones that have already accumulated?



  • 2.  RE: Old suspected rogue users - auto delete?
    Best Answer

    EMPLOYEE
    Posted Mar 15, 2019 02:48 PM

    You can set the rogue retention under AMP Setup --> General --> Historical retention --> Rogue AP Discovery Events and Rapid Setup --> Delete Rogues not detected. Based on the number of days we set here, the rogue data will be purged during nightly maintenance.

     



  • 3.  RE: Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 03:01 PM

    I went into AirWave under AMP setup --> General but I do not see historical retention as an option.



  • 4.  RE: Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 03:06 PM

    Rogue AP Discovery Events (2-550 days, zero disables):
    Unless this value is 0, it cannot be smaller than the 'Delete Rogues not detected for' window (0) configured on the RAPIDS Setup page. Is this what you are referring to, and then you go to the RAPIDS setup page to set the days before deleting?



  • 5.  RE: Old suspected rogue users - auto delete?

    EMPLOYEE
    Posted Mar 15, 2019 03:10 PM

    Yup, those 2 are the places where you want to set the number of days.



  • 6.  RE: Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 03:03 PM

    I found historical retention after all, so when I set this will it delete the 630 year old ones that are currently listed under rogue?



  • 7.  RE: Old suspected rogue users - auto delete?

    EMPLOYEE
    Posted Mar 15, 2019 03:07 PM

    You can set it to a lesser number of days and wait for the nightly maintenance to run. However, if the data is too huge I would suggest getting in touch with TAC, as they can take the root access and clean it up quickly using the script.

     



  • 8.  RE: Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 03:13 PM

    Currently it looks like the setting under AMP setup is 14 and the RAPIDS is set to zero, so that tells me that the function to delete suspected rogues is disabled and I should set it to at least 14 or greater?

    So would it be better to go in and manually delete the suspected rogue users that are old? And if they return in the future they would be detected again?



  • 9.  RE: Old suspected rogue users - auto delete?

    EMPLOYEE
    Posted Mar 15, 2019 03:17 PM
    Right. Since it's set to 0 it is disabled and not deleting it.
    The best way to go now will be opening a TAC case so that they will clear it from the CLI, post which you can set the desired number of days in both these places, so that based on the value the rogue data will be purged.


  • 10.  RE: Old suspected rogue users - auto delete?

    Posted Mar 20, 2019 04:54 PM

    I now have all the old rogues deleted. If I turn off the auto delete rogues that have not been seen, is there any reboot or interference with operation of the wireless? My guess is no, but since I am a newbie to all this I wanted to check first.



  • 11.  RE: Old suspected rogue users - auto delete?

    EMPLOYEE
    Posted Mar 20, 2019 11:50 PM

    Your guess is correct. The change for retention made is within AirWave and won't be affecting the wireless. We also don't need any reboot when we change the retention value.

     



  • 12.  RE: Old suspected rogue users - auto delete?

    Posted Mar 15, 2019 03:20 PM

    So what happens if I changed the setting to start deleting the suspected rogue users now?



  • 13.  RE: Old suspected rogue users - auto delete?

    EMPLOYEE
    Posted Mar 15, 2019 03:24 PM
    If you change it now it will try to purge it tonight during nightly maintenance. However, as the list is pretty huge in this case (since it was disabled), there are chances it can get timed out, which is the reason I suggested the clean up with the help of TAC. Post that, based on the number of days set, it will be cleared during everyday nightly maintenance.