Technical data
Configuring Rogue AP Mitigation with Web UI
© 2012 Meru Networks, Inc. Rogue AP Detection and Mitigation 185
Configuring Rogue AP Mitigation with Web UI
To prevent clients of unauthorized APs from accessing your network, enable the
options for both scanning for the presence of rogue APs and mitigating the client
traffic originating from them. These features are set globally, with the controller
managing the lists of allowable and blocked WLAN BSSIDs and coordinating the set of
APs (the Mitigating APs) that perform mitigation when a rogue AP is detected.
When rogue AP scanning (detection) is enabled, for any given period, the AP spends
part of the time scanning channels (determined by the setting Scanning time in ms),
and part of the time performing normal AP WLAN operations on the home channel
(determined by the setting Operational time in ms). This cycle of scan/operate
repeats so quickly that both tasks are performed without noticeable network opera-
tion degradation.
The channels that are scanned by a particular AP are determined by the model of the
AP. As a result of the channel scan, a list of rogue APs is compiled and sent by the
controller to a number of Mitigating APs that are closest to the rogue AP. Mitigating
APs send mitigation (deauth) frames to the rogue AP where clients are associated to
remove those clients from the network. This presence of the rogue AP generates
alarms that are noted on the Web UI monitoring dashboard and via syslog alarm
messages so the administrator is aware of the situation and can then remove the
offending AP or update the configuration list.
As well, if a rogue device seen on the wired interface of the AP and if the device is
in the AP’s discovered list of stations a wired rogue notification will be sent via the
Web UI monitoring dashboard and syslog alarm message. If the rogue client is associ-
ated with the AP, that client is also classified as a rogue.