Rogue Clients

Under Manage > Security > Rogue Clients, a table displays details for devices that are enabled with a wireless intrusion prevention system (WIPS) configuration that includes ad hoc network settings. These devices detect wireless clients participating in an ad hoc network.

Note

An ad hoc network (also referred to as an IBSS, or independent basis service set) consists of two or more wireless clients that communicate with each other directly instead of through an access point.

Devices can only detect rogue clients in an ad hoc network if the client uses the same channel as the device access radio, and if the device has background scanning enabled on that radio. View the table as follows:

A graph displays a colored timeline representing data captured for rogue clients within the specified time frame. You can change the time frame using the Time Range controls. For more information, see Set the Time Frame for Captured Data Displays and Reports. Details about the data captured within this time frame are listed in the table below the graph.

The Rogue Clients table displays all of the rogue clients that have been detected in your network. Select the Rogue check box to list in-net rogues. Select the Unauthorized check box to list unauthorized rogues, or the rogues that have been removed from your network.

The table has variable-width columns to display longer entries. Select and drag the right edge of any column left or right to change the column width. Some columns are sortable; select the column heading to sort column entries. By default, this table displays the following information:

MAC Address: The MAC address of the rogue client.
Vendor: The client vendor.
Classification: Whether the client is considered a true rogue, or a neighbor.
SSID: The SSID that is being announced by the client beacons.
Approximate Location: The location of the client or reporting AP in your network.
Device Name: The authorized device that reported the rogue client.
First Time Detected : The first time the client was detected in your network.
Last Time Detected: The last time the client was detected in your network.

Classify Rogue Clients

To classify rogue clients, select the check box for the client and then select Classify. From the drop-down list, select Neighbor, Removed, or Auto-classify.