CommScope RUCKUS Community Forums

raazuko · ‎08-21-2016

We have a deployment of 80 APs at a site and everything is fine except some of the APs in same Zone are marking each other Rogue and is showing ssid-spoof/same network spoof.Should we be worried?Also is there any misconfiguration in AP-Zone

michael_brado · ‎08-23-2016

Does it show the rogue mac address with all zeros?

That's a symptom of bug SCG-52789: False reporting of Malicious AP (SSID-Spoof).

If similar, please open a ticket with tech support.

Ask if your issue could also be SCG-46716: AP misjudged neighbor AP as SSID-Spoofing after AP boot complete.
or
ER-3066: Ruckus AP detecting other Ruckus AP as rogue (reported on SZ 3.1.1.0.450).

seanmuir · ‎08-25-2016

It is also worth nothing that rogue reporting works on 2 timers:

1. "Rogue-AP-Record" timer - when a managed AP detects a rogue, it will send a rogue-ap-record to SCG. The lifetime of this record is 1 hour.

2. "Rogue-AP-Entry" timer - if the rogue AP is not detected by any managed APs within the 24 hour period, the rogue AP entry will be removed from SCG.

You could argue that the above mechanisms ensure that the system should be fairly resilient to the issue should it occur, and the issue of false rogue reporting only occurs with SCG-controlled APs which have been restored to network, perhaps with an old configuration present, for example.

Note: WIP/WID are going to be overhauled and the way in which Ruckus reports and deals with rogue devices is going to be a lot better moving forward.

CommScope RUCKUS Community Forums

Same SSID under vSZ(3.2.1.0.193) is being shown Rogue by Some APs in the Same Zone