- Community Home
- >
- Networking
- >
- Wireless
- >
- M and MSM Series
- >
- Own APs detected as Rogue?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2017 08:26 AM
07-19-2017 08:26 AM
Own APs detected as Rogue?
We have a setup of two teamed MSM765 controllers and ~60 access points.
We have a lot of alarms claiming that authenticated clients associated with a rogue access point.
Example:
Authorized client (mac='xx:xx:xx:xx:xx:xx') associated to an unauthorized device detected. BSSID: (mac='98:4B:xx:xx:xx:x1'), Band: (value='2.4GHz'), Classification: (value='Rogue'), SNRs: (value='xx:xx:xx:xx:xx:xx,13;xx:xx:xx:xx:xx:xx,6;xx:xx:xx:xx:xx:xx,5;').
The "funny" part is on the mac address of the so-called unauthorized device: It is always a BSSID of our own access points, and it's always the second BSSID of those APs. (Hence the "1" in the last part of the mac address above. Though, that could be coincidence, since this second BSSID is used a lot more than the first one).
And if I look up that mac address on Security => Neighborhood, it is correctly displayed as "Authorized (controlled)"-
The alarms are usually cleared after a few seconds, yet they spam our logs and make it nearly impossible to remain cautious about _real_ rogue APs.
So it looks like either the system is flappingly detecting our own APs as rogue or it doesn't really recognize the second BSSID as authorized.
We've recently upgraded from 6.6.5.0 to 6.6.7.0, but I can't really say whether this has occurred before.
Any ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2017 01:24 AM
07-20-2017 01:24 AM
Re: Own APs detected as Rogue?
In the meatime I tried a factory reset on one of the affected APs, and a remove&rediscover. No change, after finishing it reappeared directly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-28-2017 03:29 AM
07-28-2017 03:29 AM
Re: Own APs detected as Rogue?
Nobody has an idea? I have the suspicion that these false positive detections are the reason for intermittent connectivity problems we see on the client devices (they are connected to the wifi, but can't make a TCP connection to other network devices/internet)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2017 08:09 AM
08-03-2017 08:09 AM
Re: Own APs detected as Rogue?
Opened support case: 5321881246