A new Same-Network Rogue

  • 1
  • Question
  • Updated 3 years ago
I have an alarms from Ruckus Zone Director "An alarm 'Same-Network Rogue AP Detected' was triggered." And the BSSID of the AP is the BSSID that I have on my cell phone to share Internet. But my cell phone cannot be connected to our internal wireless and act as Wi-Fi hotspot at the same time. So what does "Same Network" mean in this situation?

Photo of Roman Tiulmankov

Roman Tiulmankov

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Bill Burns

Bill Burns, AlphaDog

  • 203 Posts
  • 42 Reply Likes
Your phone is using the same SSID as your enterprise WiFi.
That's bad.
Change the SSID that your phone uses for "MiFi".
Photo of Roman Tiulmankov

Roman Tiulmankov

  • 2 Posts
  • 0 Reply Likes
Sorry. I put it incorrectly. SSID of my internal WiFi is different from my Cell Phone SSID. 
Photo of Wuti Kinghirunwatana

Wuti Kinghirunwatana

  • 1 Post
  • 1 Reply Like
If you can what they wrote in this link. You will understand the phenomenon I am about to explain.

1. Your mobile phone has Hotspot turned on. But your mobile phone is connecting with Ruckus AP.

2. Your mobile phone (as wifi client) sent Broadcast packet as usual. Ruckus AP received that Broadcast packet and transfer that broadcast packet to its ethernet port (LAN port) as usual. This broadcast network's Source MAC is your mobile phone's wifi MAC address.

3. Other Ruckus AP has received this broadcast packet and put your mobile phone's wifi MAC address into its Dynamic MAC memory.

4. Somehow, your mobile phone got disconnected from Ruckus AP wifi connection. Your mobile phone suddenly turns itself into Hotspot AP.

5. As Hotspot AP. Your mobile phone start announcing Beacon packet over the air. Sender MAC address of this Beacon packet is your mobile phone's MAC address.

6. Ruckus AP that previously received your mobile phone's Broadcast packet on the LAN cable. Now it also received a beacon packet from the air with the same phone's MAC address. This MAC address then be identified as "Same network rogue" (see the link about Same-network rogue).

Hope this answer the one year question.