cancel
Showing results for 
Search instead for 
Did you mean: 

Same SSID under vSZ(3.2.1.0.193) is being shown Rogue by Some APs in the Same Zone

raazuko
New Contributor III
We have a deployment of 80 APs at a site and everything is fine except some of the APs in same Zone are marking each other Rogue and is showing ssid-spoof/same network spoof.Should we be worried?Also is there any misconfiguration in AP-Zone
2 REPLIES 2

michael_brado
Esteemed Contributor II
Does it show the rogue mac address with all zeros?

That's a symptom of bug SCG-52789: False reporting of Malicious AP (SSID-Spoof).

If similar, please open a ticket with tech support.

Ask if your issue could also be SCG-46716: AP misjudged neighbor AP as SSID-Spoofing after AP boot complete.
or
ER-3066: Ruckus AP detecting other Ruckus AP as rogue (reported on SZ 3.1.1.0.450).

seanmuir
Contributor III
It is also worth nothing that rogue reporting works on 2 timers:

1. "Rogue-AP-Record" timer - when a managed AP detects a rogue, it will send a rogue-ap-record to SCG. The lifetime of this record is 1 hour.

2. "Rogue-AP-Entry" timer - if the rogue AP is not detected by any managed APs within the 24 hour period, the rogue AP entry will be removed from SCG.

You could argue that the above mechanisms ensure that the system should be fairly resilient to the issue should it occur, and the issue of false rogue reporting only occurs with SCG-controlled APs which have been restored to network, perhaps with an old configuration present, for example.

Note: WIP/WID are going to be overhauled and the way in which Ruckus reports and deals with rogue devices is going to be a lot better moving forward.