This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Rogue APs detection / exceptions

gsfakian
New Contributor III

‎07-19-2023 04:34 AM

Hi to all... on the same area i have two differnet networks one with vSZ and some ruckus APs and another network with Unifi Controller and APs... i can see that ruckus detect many of the unifis as Rogue and probably blocks them.. (i cannot fully understand what 'block' means)... i found the WIPS rules but can i add some exceptions so any of the unifi's are not detected as rogues? 

Thanks!

0 Kudos
2 REPLIES 2

Ayush_Tripathi
RUCKUS Team Member

‎07-19-2023 07:01 AM

Hello @gsfakian 

  • SZ will send malicious list (that include Ruckus and 3rd party AP) to Ruckus AP terminating on the controller in every 15 minutes.
  • The malicious list pushed from SZ consists of BSSIDs only and AP will send broadcast deauthentication frame, when "Protect the network" function is enabled, during the background scan.

Please refer the below Knowledge base article to configure the Rogue Detection policy.

https://support.ruckuswireless.com/articles/000010538

You can configure the rogue classification policy as "Known" for the Unify APs. 

0 Kudos

sanjay_kumar
RUCKUS Team Member

‎07-20-2023 12:14 AM

Hi @gsfakian 

When the WIPS is enabled, Ruckus APs will try to scan and detect the Rogue APs, which are basically 3rd party APs which is broadcasting nearby.

Based on the settings configured, Ruckus APs are capable of "Just to detect and notify" or "Detect and block it".
Ruckus APs will send a deauth packets using the 3rd party APs BSSID, so that your network clients or any clients able to receive this packet from Ruckus AP will not be able to connect to the SSID which is broadcasting from the Unifi AP.

On the Zone settings, if you have "Rogue AP Detection" and "Protect the network from malicious rogue access points" enabled, then the AP will send deauth blocking the clients to connect to Unifi AP.

In that case, go to Rogue Device list >> Select the Unifi APs >> Select "Mark as known".

sanjay_kumar_0-1689837112345.png


Or you can simple disable the option "Protect the network from malicious rogue access points" on the zone settings.

Copyright © 2024 Khoros, LLC