[RESOLVED] Definition of Rogue and Interfering APs
I’m trying to understand the exact definition of Stellar for both Rogue APs, and Interfering APs. My understanding is the following:
1- Interfering APs: adjacent AP that is emitting interfering SSIDs in the same radio space, and is not managed by the WLAN system. For example, a mobile phone hotspot.
2- Rogue APs: APs that are connected on the same wired network, but not managed by WLAN system (OV2500 for example). These are more dangerous because clients connected there can potentially access the network.
Now in a Stellar installation for one customer, we are looking at a list of rogue APs that contains some mobile phones. I don’t understand how a mobile phone hotspot can be classified as a rogue AP.
If anyone can explain please let me know.
The Signal Strength policy is something that you can enable if you want but is not always a good idea classified an AP as rogue based on the RSSI. The default algorithm to classified a Rogue AP is an AP that is propagating the same SSID than Stellar but is not managed by Stellar.
I think its not must to be the same SSID. If its same SSID we go with classification of valid SSID .On the classification based on Signal Strength threshold of interfering SSID we can can classify as rogue AP. Sorry i mentioned on as SNR which i corrected.
Rogue AP is essentially an AP not managed by Stellar, OV2500 or Cirrus that is propagating the same ESSID or ESSID's, not necessarily connected to the same wired network.
Hi, in addition to the answer above : in the rogue AP section of the WIPS module there is a "Rogue Reason Column" Indicating the reason for classifying the foreign AP as a rogue AP. this column is hidden in the default table layout. You may scroll on the right to see this column and rearrange the default view to have the “rogue reason” at first sight. Check the attached screenshot for example.
On the classification based on Signal strength threshold of interfering ssid we can classify as rogue AP