1. Documentation
  3. Wireless
  5. Configuration
  7. Security and Rogue AP Detection
  9. Rogue Clients Detection

Rogue Clients Detection

Modified on

Rogue APs are any APs that share your same wired network, but are unknown to your Organization.  Clients connected to any of the Rogue APs are defined as Rogue Clients.  To view detected Rogue APs, navigate to Network > Security and select the Threats tab.  Click on any of the Rogue SSIDs to see a list of Rogue clients connected.

We provide the ability to terminate Rogue devices as a security measure for your own network.  Any client connected to the selected Rogue AP will be kicked off their network when you select the Terminate Rogue command on the Rogue SSID.  This is found in the Action column.  Clicking on the dotted menu button will reveal the Terminate Rogue capability.

Please refer to this page for more information about Rogue, Neighbor, and Honeypot APs: https://www.mist.com/documentation/rogue-neighbor-honeypot-aps/

Client Classification

We are improving our network security functionality by including client classifications for better visibility for identifying threats to the network.  Clients who you want to allow on your site can be labeled as sanctioned clientsWatched clients are the clients you wish to ban from your site.  Clients which are sanctioned or watched are classified as unsanctioned.  These classifications will have more functionality in the future when we introduce the ability to block watched clients or only allow sanctioned clients to connect to your WLANs.

To assign classifications to clients, navigate to Network > Security and select the View Client Classification button on the top right corner.  Here, you may add the MAC addresses of clients you wish to either sanction or watch.  Either type out manually (separated by commas), or upload a csv file of your list.

In your Rogue AP and Sanctioned APs tabs, you can see the number of Rogue clients detected from that AP or SSID.  Hovering over this client count will reveal the breakdown of sanctioned, unsanctioned, and watched clients as defined in the Client Classification menu.

Labeling the clients with specific classifications is our first step in the roadmap to blocking and allowing clients from connecting to your Site.  We will keep you updated with future enhancements in dealing with allowlisting and blocklisting specific clients.

There can be legal implications using Rogue Detection incorrectly.