cancel
Showing results for 
Search instead for 
Did you mean: 

What are Rogue devices

bdillard
Contributor II

I have rogue devices and I'll be honest I'm not really sure what that means - 

When I go to Services - WIPS - Rogue Devices.

1 ACCEPTED SOLUTION

Hi @bdillard 
Yes, any network that the AP detects which is not part of your network is considered as Rogue AP. If you are aware of that network\SSID, then you can mark it as "Known". And if you are facing issue from that SSID, then you can mark it as "Malicious" then the clients will not be able to connect to that SSID.
Note: When you mark it as "Malicious" then the Ruckus APs will send the deauth using the Rogue AP's MAC, which the client thinks that the Rogue AP is sending the deauth, so there are chances that the Other network clients will also gets disconnect from that Rogue AP if the clients sees the deauth from Ruckus AP. So please plan it accordingly before marking the Rogue AP as "Mallicious"

View solution in original post

3 REPLIES 3

sanjay_kumar
RUCKUS Team Member

Hi @bdillard 

Rogue AP: A Rogue AP is any AP that your AP can hear the beacons from that is not part of your wifi network. Another vendors AP\Hotspot is nearby or in next building will show up as a rogue. Not usually a problem unless they are causing issue to your office wifi.

Malicious Rogue AP: Malicious AP is an AP that your AP can hear and its either transmitting your SSID (man in the middle attack) usually with an open SSID which clients may prefer and will connect to it instead of your AP. Or another scenario is when an AP that is not part of your wifi system and it is on your network.

When you are configuring the policies, the priority of the rules within a single classification policy matters
For example, you may wish to specify a policy in which low RSSI rogues are ignored, but SSIDs matching "Test" are classified as rogue.
In this case, you should apply the low RSSI priority first, such that even if the "Test" SSID is detected, it is still ignored because the rogue AP would have low RSSI.


Below  article which explains more on the Rogue AP:
https://support.ruckuswireless.com/articles/000010538

bdillard
Contributor II

Sorry for the slow uptake - so any wifi device in you area that isn't part of your network is a rogue unit?   E.g. office space next to ours has their own wifi network and we can "see" it from our computers in our office?

Hi @bdillard 
Yes, any network that the AP detects which is not part of your network is considered as Rogue AP. If you are aware of that network\SSID, then you can mark it as "Known". And if you are facing issue from that SSID, then you can mark it as "Malicious" then the clients will not be able to connect to that SSID.
Note: When you mark it as "Malicious" then the Ruckus APs will send the deauth using the Rogue AP's MAC, which the client thinks that the Rogue AP is sending the deauth, so there are chances that the Other network clients will also gets disconnect from that Rogue AP if the clients sees the deauth from Ruckus AP. So please plan it accordingly before marking the Rogue AP as "Mallicious"