Same SSID under vSZ(3.2.1.0.193) is being shown Rogue by Some APs in the Same Zone

  • 1
  • Question
  • Updated 1 year ago
We have a deployment of 80 APs at a site and everything is fine except some of the APs in same Zone are marking each other Rogue and is showing ssid-spoof/same network spoof.Should we be worried?Also is there any misconfiguration in AP-Zone
Photo of Raju Koirala

Raju Koirala

  • 16 Posts
  • 1 Reply Like

Posted 1 year ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2101 Posts
  • 297 Reply Likes
Does it show the rogue mac address with all zeros?

That's a symptom of bug SCG-52789: False reporting of Malicious AP (SSID-Spoof).

If similar, please open a ticket with tech support.

Ask if your issue could also be SCG-46716: AP misjudged neighbor AP as SSID-Spoofing after AP boot complete.
or
ER-3066: Ruckus AP detecting other Ruckus AP as rogue (reported on SZ 3.1.1.0.450).
Photo of Sean

Sean

  • 346 Posts
  • 88 Reply Likes
It is also worth nothing that rogue reporting works on 2 timers:

1. "Rogue-AP-Record" timer - when a managed AP detects a rogue, it will send a rogue-ap-record to SCG. The lifetime of this record is 1 hour.

2. "Rogue-AP-Entry" timer - if the rogue AP is not detected by any managed APs within the 24 hour period, the rogue AP entry will be removed from SCG.

You could argue that the above mechanisms ensure that the system should be fairly resilient to the issue should it occur, and the issue of false rogue reporting only occurs with SCG-controlled APs which have been restored to network, perhaps with an old configuration present, for example.

Note: WIP/WID are going to be overhauled and the way in which Ruckus reports and deals with rogue devices is going to be a lot better moving forward.