How can I premanent delete rogue SSIDs from Currently Active Rogue Devices List?

  • 1
  • Question
  • Updated 7 months ago
  • Answered
I using ZD 1200 with 62 APs (R500=13 pcs & R310=49pcs) at 8th floor appartment. Almost floors have 8 AP. I saw a lot of rogue SSIDs and I did Mark As Malicious action but appearing again and again rogue SSIDs. Now I did action around 400 rogue but still appearing new rogue SSID. How can I do action for the best?



Thanks and Best Regards,


Lin

Photo of Ko Lin

Ko Lin

  • 3 Posts
  • 0 Reply Likes

Posted 7 months ago

  • 1
Photo of Albert Pierson

Albert Pierson, Employee

  • 132 Posts
  • 114 Reply Likes
Hello Lin,

Have you tried selecting "Mark as Known"

Ruckus marks neighbor Access Point, based on scanning for beacon,s as rogues but this does not mean they are causing issues on your network.

Malicious rogues are detected AP's that might be causing issues or attacking your network and if you enable Malicious rogue prevention the Ruckus AP's will try to block users from connecting to these devices.

If you enable rogue prevention and then mark valid neighbor detected AP's (via BSSID - MAC address in the beacons) you could be blocking valid clients from connecting to valid AP's ... this may not be legal in many locations.

Even if you mark detected neighbor AP's as Known they may appear again if new AP's (with  new BSSID MAC addresses or new SSID's are detected).  Also the neighbor AP's may be getting detected by multiple AP's in your network, and each of these will provide an entry in the rogue list.

Here are some additional Knowledge Base articles on rogue detection and prevention:

Details on Rogue APs and Rogue DHCP 

Query on Rogue -APs Vs Rogue -DHCP
https://support.ruckuswireless.com/articles/000003248

Ruckus Rogue Detection type classification

Type of Rogue Access Points detected by Ruckus ZoneFlex system
https://support.ruckuswireless.com/articles/000001261

I hope this information is helpful,

Thanks for choosing Ruckus Networks - a Commscope company


Photo of Ko Lin

Ko Lin

  • 3 Posts
  • 0 Reply Likes
Dear Albert Pierson,

Thanks for your detail reply. So I should action Mark as Known for all rogue SSID from Currently Active list?


Best Regards,

Lin
(Edited)
Photo of Albert Pierson

Albert Pierson, Employee

  • 132 Posts
  • 114 Reply Likes
Hi Lin,

Yes, to remove known devices (neighbor AP's) from the list you can mark them as known.

As I tried to describe earlier - rogues are listed by BSSID (MAC of SSID), SSID and which Ruckus AP detected the neighbor and listed it as known.  If other AP's detect the same SSID and BSSID or the SSID or BSSID (another AP) starts transmitting then a new rogue will be listed as detected.

I would not recommend setting these AP's as malicious and also I would not use rogue prevention as it can actually disconnect your valid clients from the network.

I hope this information is helpful.

Albert