Rogue AP Detection

A rogue AP is an access point that has been installed on a secure network without explicit authorization from a system administrator. Rogue access points pose a security threat because anyone with access to the premises can unknowingly or maliciously install an inexpensive wireless AP that can allow unauthorized parties to access the network.

The AP performs an RF scan on all channels on each radio to detect all APs in the vicinity of the network. If rogue APs are detected, they are shown on the Rogue AP Detection page. If an AP listed as a rogue is legitimate, you can add it to the Known AP List.

Note The Detected Rogue AP List and Trusted AP List provide information that you can use to take further action. The AP does not have any control over rogue APs on the lists and cannot apply any security policies to APs detected through the RF scan.

To view more information about rogue APs, select Wireless > Rogue AP Detection in the main navigation pane.

When AP detection is enabled, the radio periodically switches from its operating channel to scan other channels within the same band.

Viewing the Rogue AP List

Rogue AP detection can be enabled and disabled. To enable the radio to collect information about rogue APs, click Enable next to AP Detection for Radio 1 or Radio 2 and then click Save.

Rogue AP detection does not have a refresh method, and SSIDs are retained in the database once detected.

Information about detected and trusted rogue access points appears. You can click Refresh to refresh the screen and show the most current information:

 • Action—If the AP is in the Detected Rogue AP List, you can click Trust to move the AP to the Trusted AP List.

If the AP is in the Trusted AP list, you can click Untrust to move the AP to the Detected Rogue AP List.

Note The Detected Rogue AP List and Trusted AP List provide information. The AP does not have any control over the APs on the list and cannot apply any security policies to APs detected through the RF scan.

 • MAC Address—The MAC address of the rogue AP.

 • Radio—Indicates whether the rogue AP is detected on Radio 1 (wlan0) or Radio 2 (wlan1).

 • Beacon Interval—The beacon interval used by the rogue AP.

Beacon frames are transmitted by an AP at regular intervals to announce the existence of the wireless network. The default behavior is to send a beacon frame once every 100 milliseconds (or 10 per second).

Note The Beacon Interval is set on the Radio page.

 • Type—The type of device:

 – AP indicates the rogue device is an AP that supports the IEEE 802.11 Wireless Networking Framework in Infrastructure Mode.

 – Ad hoc indicates a rogue station running in Ad hoc mode. Stations set to Ad hoc mode communicate with each other directly, without the use of a traditional AP. Ad hoc mode is an IEEE 802.11 Wireless Networking Framework also referred to as peer-to-peer mode or an Independent Basic Service Set (IBSS).

 • SSID—The Service Set Identifier (SSID) for the WAP device.

The SSID is an alphanumeric string of up to 32 characters that uniquely identifies a wireless local area network. It is also referred to as the Network Name.

 • Privacy—Indicates whether there is any security on the rogue device:

 – Off indicates that the Security mode on the rogue device is set to None (no security).

 – On indicates that the rogue device has some security in place.

Note You can use the Networks page to configure security on the AP.

 • WPA—Whether WPA security is on or off for the rogue AP.

 • Band—The IEEE 802.11 mode being used on the rogue AP. (For example, IEEE 802.11a, IEEE 802.11b, IEEE 802.11g.)

The number shown indicates the mode:

 – 2.4 indicates IEEE 802.11b, 802.11g, or 802.11n mode (or a combination of the modes).

 – 5 indicates IEEE 802.11a, 802.11n, or 802.11ac mode (or a combination of the modes).

 • Channel—The channel on which the rogue AP is currently broadcasting.

The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving.

Note You can use the Radio page to set the channel.

Note When the AP is operating on a DFS channel, scanning is prohibited, so no rogue APs are detected.

 • Rate—The rate in megabits per second at which the rogue AP is currently transmitting.

The current rate is always one of the rates shown in Supported Rates.

The reported rate is the speed of the last packet transmitted from the AP to the client. This value can vary within the advertised rate set based on the signal quality between the AP and client and the rate at which broadcast or multicast frames are sent. When the AP sends a broadcast frame to a STA using the default rates, the field reports 1 Mbps for 2.4 GHz radios and 6 Mbps for 5 GHz radios. Clients that are idle are most likely to report the low default rates.

 • Signal—The strength of the radio signal emitting from the rogue AP. If you hover the mouse pointer over the bars, a number representing the strength in decibels (dB) appears.

 • Beacons—The total number of beacons received from the rogue AP since it was first discovered.

 • Last Beacon—The date and time of the last beacon received from the rogue AP.

 • Rates—Supported and basic (advertised) rate sets for the rogue AP. Rates are shown in megabits per second (Mbps).

All Supported Rates are listed, with Basic Rates shown in bold. Rate sets are configured on the Radio page.

Creating and Saving a Trusted AP List

To create a Trusted AP List and save it to a file:

 1. In the Detected Rogue AP List, click Trust for APs that are known to you. The Trusted APs move to the Trusted AP List.

 2. In the Download/Backup Trusted AP List area, select Backup (AP to PC).

 3. Click Save.

The list contains the MAC addresses of all APs that have been added to the Known AP List. By default, the filename is Rogue2.cfg. You can use a text editor or web browser to open the file and view its contents.

 

Importing a Trusted AP List

You can import a list of known APs from a saved list. The list might be acquired from another AP or created from a text file. If the MAC address of an AP appears in the Trusted AP List, it is not detected as a rogue.

To import an AP list from a file, use these steps:

 1. In the Download/Backup Trusted AP List area, select Download (PC to AP).

 2. Click Browse and choose the file to import.

The file that you import must be a plain-text file with a .txt or .cfg extension. Entries in the file are MAC addresses in hexadecimal format with each octet separated by colons, for example 00:11:22:33:44:55. You must separate entries with a single space. For the AP to accept the file, it must contain only MAC addresses.

 3. Choose whether to replace the existing Trusted AP List or add the entries in the imported file to the Trusted AP List.

a. Select Replace to import the list and replace the contents of the Known AP List.

b. Select Merge to import the list and add the APs in the imported file to the APs currently shown in the Known AP List.

 4. Click Save.

When the import is complete, the screen refreshes and the MAC addresses of the APs in the imported file appear in the Known AP List.
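The file rules from step 2 and the Replace and Merge choices from step 3 can be checked offline before a list is uploaded. The following is an added example, not code from the device or its vendor: the function names are hypothetical, the sample MAC addresses other than 00:11:22:33:44:55 are constructed, and tolerating a trailing newline and comparing addresses case-insensitively are assumptions.

```python
import re

# One entry: six hexadecimal octets separated by colons, e.g. 00:11:22:33:44:55.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
ALLOWED_EXT = (".txt", ".cfg")

def check_import_file(filename, text):
    """Return (macs, problems) for a file intended for Download (PC to AP)."""
    problems = []
    if not filename.lower().endswith(ALLOWED_EXT):
        problems.append(f"extension must be .txt or .cfg: {filename}")
    macs = []
    body = text.rstrip("\r\n")  # assumption: a trailing newline from an editor is harmless
    for pos, entry in enumerate(body.split(" ") if body else [], 1):
        if entry == "":
            problems.append(f"entry {pos}: empty, entries need a single space between them")
        elif not MAC_RE.fullmatch(entry):
            problems.append(f"entry {pos}: not a colon-separated MAC address: {entry!r}")
        else:
            macs.append(entry.upper())  # upper-cased only so duplicates compare equal
    return macs, problems

def apply_import(current, imported, mode):
    """Model the Replace and Merge choices on an ordered, duplicate-free list."""
    if mode not in ("replace", "merge"):
        raise ValueError("mode must be 'replace' or 'merge'")
    base = [] if mode == "replace" else [m.upper() for m in current]
    result = []
    for mac in base + imported:
        if mac not in result:
            result.append(mac)
    return result

def serialize(macs):
    """Write entries back in the import format: one space between addresses."""
    return " ".join(macs)

# Constructed sample file contents.
GOOD = "00:11:22:33:44:55 00:11:22:33:44:66\n"
BAD = "00:11:22:33:44:55  00-11-22-33-44-77 lobby-ap"

if __name__ == "__main__":
    macs, problems = check_import_file("Rogue2.cfg", GOOD)
    print(serialize(apply_import(["AA:BB:CC:DD:EE:01"], macs, "merge")))
    for p in check_import_file("Rogue2.cfg", BAD)[1]:
        print("rejected:", p)
```

Because any MAC address in the Trusted AP List is no longer reported as a rogue, reviewing the merged result against your AP inventory before clicking Save keeps an unknown address from being trusted by accident.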