[RESOLVED] Definition of Rogue and Interfering APs

Topic

Definition of Rogue and Interfering APs

Hi,

I’m trying to understand the exact definition of Stellar for both Rogue APs, and Interfering APs. My understanding is the following:

1- Interfering APs: adjacent AP that is emitting interfering SSIDs in the same radio space, and is not managed by the WLAN system. For example, a mobile phone hotspot.

2- Rogue APs: APs that are connected on the same wired network, but not managed by WLAN system (OV2500 for example). These are more dangerous because clients connected there can potentially access the network.

Now in a Stellar installation for one customer, we are looking at a list of rogue APs that contains some mobile phones. I don’t understand how a mobile phone hotspot can be classified as a rogue AP.

If anyone can explain please let me know.

Thanks

Date
10.04.2019
answers
5
views
105
Author
Asked by thomassimon
RESOLVED
Reply

Answers

The Signal Strength policy is something that you can enable if you want but is not always a good idea classified an AP as rogue based on the RSSI. The default algorithm to classified a Rogue AP is an AP that is propagating the same SSID than Stellar but is not managed by Stellar.

Date
23.04.2019
Author
Asked by oma-stellar
Add Comment
Vote

I think its not must to be the same SSID. If its same SSID we go with classification of valid SSID .On the classification based on Signal Strength threshold of interfering SSID we can can classify as rogue AP. Sorry i mentioned on as SNR which i corrected.

Date
16.04.2019
Author
Asked by benben
Add Comment
Vote

Rogue AP is essentially an AP not managed by Stellar, OV2500 or Cirrus that is propagating the same ESSID or ESSID's, not necessarily connected to the same wired network.

Date
15.04.2019
Author
Asked by thomas_deoliveira
Add Comment
Vote

Hi, in addition to the answer above : in the rogue AP section of the WIPS module there is a "Rogue Reason Column" Indicating the reason for classifying the foreign AP as a rogue AP. this column is hidden in the default table layout. You may scroll on the right to see this column and rearrange the default view to have the “rogue reason” at first sight. Check the attached screenshot for example.

Date
13.04.2019
Author
Asked by klentil
Add Comment
Vote
Comments
by klentil
Rogue Reason includes : Signal Strength Too Strong, Channel is Switching Too Often, Broadcasting Conflicted SSID, Matching SSID Keyword o Matching the Suspected MAC OUI.

On the classification based on Signal strength threshold of interfering ssid we can classify as rogue AP

Date
11.04.2019
Author
Asked by benben
Add Comment
Vote