This legacy WIPS configuration enables you to detect unauthorized access points in the area.
Note
Rogue Access Point Detection is supported on 802.11ac or older model Access Points ONLY.An Extreme Networks AP builds a MAC learning table from source MAC addresses in the broadcast traffic it receives from devices in its Layer 2 broadcast domain. When an AP running XOS 5.0r2 or later detects a rogue AP through any of the rogue detection mechanisms in the WIPS policy, it checks the MAC learning table for an entry within a 64-address range above or below the BSSID of the invalid SSID. If there is a match, it is assumes that both MAC addresses belong to the same device. Because one of its addresses is in the MAC learning table, the rogue is considered to be in the same backhaul network as the detecting AP, and In Net displays in the In Network column for that rogue in the list of rogue APs. You can then take appropriate steps to mitigate the rogue.
For example, if you have a network security policy that requires all SSIDs to use Enterprise 802.1x, then any valid SSID using Enterprise 802.1x makes the access point hosting it valid. On the other hand, an access point is categorized as a rogue if it hosts an SSID using WEP or no encryption at all.
Note
You can add up 1024 SSIDs to a WIPS policy. If you enable SSID detection but do not add any SSIDs to the list, the AP will consider all SSIDs to be rogue because no SSID is indicated as being valid.Note
When stations in an ad hoc network or IBSS (independent basic service set), transmit 802.11 beacons and probe responses, the ESS (extended service set) bit is set to 0 and the IBSS bit is set to 1, indicating IBSS capability. When APs detect these types of management frames, they categorize those stations transmitting them as members of an ad hoc network and as rogue.Note
You can change the duration that elapses before disconnected rogue clients are deleted from the reports.Note
Use caution when mitigating a suspected rogue AP. If your WLAN is within range of other neighboring wireless networks, the access point that might initially be considered a rogue AP, along with its clients, might be valid in another WLAN.Note
Use only the automatic mode for rogue APs that are in-network (in the backhaul network of your organization). Otherwise, automatic mitigation can impact the normal operation of valid APs belonging to a nearby business by blocking their wireless clients from connecting to their APs. Reference the appropriate FCC regulations that prohibit Wi-Fi blocking in these cases.