CommScope RUCKUS Community Forums

charles_sprickm · ‎03-09-2017

Been googling a bit, but I'm not finding what the difference is between a "rogue AP" (I get that) and a "malicious rogue AP". Also the logging is odd - I get log events of the rogue AP going away, but no mention of it appearing. Log example:


2017/03/09  14:15:09 | High | A Malicious Rogue[40:5d:82:12:5d:93] detection by AP[1c:b9:c4:35:eb:e0] goes away

That MAC belongs to a Netgear device, so I'm assuming it's some consumer router. It would be helpful if an SSID was logged as well...

erin_mcclellen · ‎04-17-2018

I'd still like an answer to this. 🙂

erin_mcclellen · ‎04-17-2018

Also I don't know why this doesn't trigger an email alert. I tested that alerts work (see screenshot). And you can see the checkbox is checked. This is a ZD on latest 10.x.

Image_ images_messages_5f91c46e135b77e247a81f61_2102165a32275493004b5ad2c360551c_RackMultipart20180417389999op9-19650c53-1a70-4f9a-9411-3ef202568a0a-1709490274.png1523986579

Image_ images_messages_5f91c46e135b77e247a81f61_df028936bd3439fcba6bc36245dd24bc_RackMultipart2018041730174b6er-d108c373-7c3f-42a2-a1a3-58118d3278c1-1636714103.png1523986621

erin_mcclellen · ‎05-16-2018

Bump! I can open a case if necessary.

It's a pain to get notified of complaints, then login to the ZD, check the logs, see the rogue is there, and then wonder why I have no email telling me about this. Makes us look sloppy, we're trying to be proactive. The test works correctly and we see the test email. The test email is fine, whitelisted. Looking in spam box there's no evidence of these alerts.

CommScope RUCKUS Community Forums

malicious rogue vs. rogue?