Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
  • 1.  rogue AP's

    Posted Sep 22, 2012 11:15 AM

    Hi,

     

    I can see five rogue devices in my controller dashboard; however, it seems they are my neighbors' APs. How could an AP which is not connected to our LAN be shown as rogue? We use 6.1.3.4 code.

     

    Thanks

     



  • 2.  RE: rogue AP's

    EMPLOYEE
    Posted Sep 22, 2012 11:48 AM

    Type "show wms ap list | include rogue" to find out what access points are labeled as rogues.

     

    To find out why, type "show wms rogue-ap <mac address>" to get more details on why.

     



  • 3.  RE: rogue AP's

    Posted Sep 22, 2012 11:58 AM

    That should not happen, I guess.

    You first have to see how that AP was classified as a rogue AP.

     

    For this you first would like to know the BSSID

     

    issue the command

    show wms ap list | include rogue

     

    You will see the list of rogue APs.

    You retrieve the BSSID,

     

    then you do

     

    show wms rogue-ap <bssid>

     

    you can post the output maybe we can help you to find out

     

    Cheers

    Carlos

     

    edit

    Heh, I went out a min and the answer was already there :) Well, since I cannot delete my post I'll just leave it there..



  • 4.  RE: rogue AP's

    Posted Sep 23, 2012 09:10 AM

    Rogue AP Info
    -------------
    Key           Value
    ---           -----
    BSSID         00:0d:97:08:67:6f
    SSID          amr
    Channel       1
    Type          generic-ap
    RAP Type      rogue
    Status        up
    Match Type    Classification-Disabled
    Match MAC     00:00:00:00:00:00
    Match IP      0.0.0.0
    Match AM      OUR AP

    Match Method  N/A
    Match Time    Sat Sep  1 21:13:46 2012



  • 5.  RE: rogue AP's

    Posted Sep 23, 2012 01:23 PM

    Okay, that's weird... that match type I have never seen before... it is not even in the rogue AP guide, so I don't know what it means....


    If I were you I would go to

    Maintenance ---> WMS database ---> click on clean old entries

     

    What it will do is clean all the entries you see in discovered APs, including all the rogue APs, suspected rogue APs, etc.

    I think it will ask you to reboot the controller, so save your configuration...

     

    If it appears AGAIN with that classification, I would open a support case to see if Aruba TAC can help me understand what that classification means.

     

    Anyway, that's what I would do... you can wait for Cjoseph to see what he says...

     

    Cheers

    Carlos



  • 6.  RE: rogue AP's

    EMPLOYEE
    Posted Sep 23, 2012 02:52 PM

    @mgeorge wrote:

    Rogue AP Info
    -------------
    Key           Value
    ---           -----
    BSSID         00:0d:97:08:67:6f
    SSID          amr
    Channel       1
    Type          generic-ap
    RAP Type      rogue
    Status        up
    Match Type    Classification-Disabled
    Match MAC     00:00:00:00:00:00
    Match IP      0.0.0.0
    Match AM      OUR AP

    Match Method  N/A
    Match Time    Sat Sep  1 21:13:46 2012


    That is because you have Rogue AP classification unchecked in the IDS Unauthorized Device Profile. When you have that unchecked, you are saying that you want to disable classification methods and just mark ALL access points, besides your own, as rogues. This is used when you have a space that is totally your own, and you do not expect anything besides your own APs on your controller to be in that space. Make sure Rogue AP classification is checked so that the normal classification will be used:

     

    [Screenshot: class.png]



  • 7.  RE: rogue AP's

    Posted Sep 23, 2012 03:18 PM

    Thanks for the info, Collin!



  • 8.  RE: rogue AP's

    Posted Sep 23, 2012 09:13 PM

    Thanks to all. What's that Match MAC? Why is it all zeros?



  • 9.  RE: rogue AP's

    EMPLOYEE
    Posted Sep 23, 2012 09:17 PM
    In this situation it does not mean anything. If the AP was discovered on your wired network, that would be the wired MAC address discovered for the positive match.


  • 10.  RE: rogue AP's

    Posted Sep 23, 2012 09:43 PM

    I can assume that AP is not discovered in the wired network and no Outsider AP is connected to my network. I wonder how the controller can classify this as a Rogue. Thank you.



  • 11.  RE: rogue AP's
    Best Answer

    Posted Sep 23, 2012 09:47 PM

    If you configure the L3 rogue detection correctly,

    this is what will happen:

    The controller will see the MAC address of that AP through the wired side, and it will see the BSSID (which is the MAC address of the AP in the air). It will match them and conclude: well, this is a rogue AP, as I'm seeing it on the air and I'm also seeing it through the wired side....

     

    Besides that, it has other methods to conclude this... you can see all of them in the Rogue AP guide I gave you in the other thread... it is a really useful document...

     

    Anyway, if I understood your question correctly, which is how the controller classified that AP as rogue: well, Collin already explained that when you have the AP classification unchecked, you are saying that ALL the APs it sees are rogues... and like Collin said, it is a very specific scenario in which you would uncheck that box...

     

    If this answer or the answer of Cjoseph answers your question, you should use the accept as solution button on the answer that answered it.... :)

     



  • 12.  RE: rogue AP's
    Best Answer

    EMPLOYEE
    Posted Sep 23, 2012 09:55 PM
    It is only marked as a rogue because you have classification unchecked, which means all APs that are not on the controller will be marked as rogues. Please make sure classification has a check in the box, like in the screenshot above. If the AP is NOT on your wired network, it should just show up as interfering after you put the check back in there.
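
The triage this thread arrives at, as an added example that is not part of any post and is not Aruba code: it parses `show wms rogue-ap <bssid>` output and reports whether a rogue label rests on a recorded wired match or only on classification being disabled. The function names, the result labels and the contrast record are assumptions made for the illustration.

```python
import re

ZERO_MAC = "00:00:00:00:00:00"

# Output posted in this thread (abridged to the fields used below).
THREAD_OUTPUT = """\
Rogue AP Info
-------------
Key           Value
---           -----
BSSID         00:0d:97:08:67:6f
SSID          amr
RAP Type      rogue
Match Type    Classification-Disabled
Match MAC     00:00:00:00:00:00
Match IP      0.0.0.0
Match Time    Sat Sep  1 21:13:46 2012
"""

# Constructed contrast record: the Match Type and Match MAC are placeholders,
# not values taken from ArubaOS or from the thread.
WIRED_OUTPUT = THREAD_OUTPUT.replace(
    "Classification-Disabled", "EXAMPLE-WIRED-MATCH"
).replace(ZERO_MAC, "00:0d:97:08:67:6e")

ROW = re.compile(r"^(.+?)\s{2,}(.+)$")  # key, 2+ spaces, value


def parse_rogue_info(text):
    """Turn the Key/Value table into a dict, skipping title and header rows."""
    fields = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) != "Key" and set(m.group(1)) != {"-"}:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def triage(fields):
    """Say what the rogue label is actually based on."""
    if fields.get("RAP Type") != "rogue":
        return "not-rogue"
    if fields.get("Match Type") == "Classification-Disabled":
        # Classification is off: every AP not on the controller is marked rogue.
        return "classification-disabled"
    if fields.get("Match MAC", ZERO_MAC) != ZERO_MAC:
        # A wired MAC was recorded for the positive match.
        return "wired-match"
    return "review"
```

A `classification-disabled` result means the label says nothing about wired connectivity, so the fix is the profile setting described above rather than a hunt for the device.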