HPE Community
M and MSM Series
1753819 Members
9484 Online
108805 Solutions
New Discussion

Own APs detected as Rogue?

 
Ascendor
Frequent Advisor

‎07-19-2017 08:26 AM

‎07-19-2017 08:26 AM

Own APs detected as Rogue?

We have a setup of two teamed MSM765 controllers and ~60 access points.

We have a lot of alarms claiming that authenticated clients associated with a rogue access point.
Example: 

 

Authorized client (mac='xx:xx:xx:xx:xx:xx') associated to an unauthorized device detected. BSSID: (mac='98:4B:xx:xx:xx:x1'), Band: (value='2.4GHz'), Classification: (value='Rogue'), SNRs: (value='xx:xx:xx:xx:xx:xx,13;xx:xx:xx:xx:xx:xx,6;xx:xx:xx:xx:xx:xx,5;').

The "funny" part is on the mac address of the so-called unauthorized device: It is always a BSSID of our own access points, and it's always the second BSSID of those APs.  (Hence the "1" in the last part of the mac address above. Though, that could be coincidence, since this second BSSID is used a lot more than the first one).
And if I look up that mac address on Security => Neighborhood, it is correctly displayed as "Authorized (controlled)"-

The alarms are usually cleared after a few seconds, yet they spam our logs and make it nearly impossible to remain cautious about _real_ rogue APs.

So it looks like either the system is flappingly detecting our own APs as rogue or it doesn't really recognize the second BSSID as authorized.

We've recently upgraded from 6.6.5.0 to 6.6.7.0, but I can't really say whether this has occurred before.

 

Any ideas?

3 REPLIES 3
Ascendor
Frequent Advisor

‎07-20-2017 01:24 AM

‎07-20-2017 01:24 AM

Re: Own APs detected as Rogue?

In the meatime I tried a factory reset on one of the affected APs, and a remove&rediscover. No change, after finishing it reappeared directly.

Ascendor
Frequent Advisor

‎07-28-2017 03:29 AM

‎07-28-2017 03:29 AM

Re: Own APs detected as Rogue?

Nobody has an idea? I have the suspicion that these false positive detections are the reason for intermittent connectivity problems we see on the client devices (they are connected to the wifi, but can't make a TCP connection to other network devices/internet)

Ascendor
Frequent Advisor

‎08-03-2017 08:09 AM

‎08-03-2017 08:09 AM

Re: Own APs detected as Rogue?

Opened support case: 5321881246 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.