Rogue and Honeypot AP Configuration

Honeypot APs are unauthorized APs advertising your SSID. An attacker might be using one to spoof your login screen and capture your password. This is a security risk and should be monitored. Honeypot AP detection can prevent such threats to your network and is enabled by default under Site Settings.

Mist APs also scan for unknown APs, which are classified as Neighbor APs. You can set an RSSI threshold as a criterion for detecting Neighbor APs in proximity to your network.

Rogue APs are defined as any AP not claimed onto your Organization but detected as connected to the same wired network. Rogue APs share the same local area network but are unknown to your Organization.

Rogue AP detection is disabled by default. Go to Organization -> Site Configuration to enable it. Here you can enter the RSSI threshold value at which APs will be detected as neighbor/rogue. The default RSSI is -80dBm; you may set the RSSI Threshold for Rogue AP detection anywhere between -40dBm and -100dBm. Also set a Time threshold for Neighbor AP detection to avoid being flooded with “neighbor” APs that appear only momentarily.

To prevent sanctioned APs from being identified as Rogue or Honeypot, allowlist the specific SSID and BSSIDs of known access points in the Security Configuration box.

To view the list of Neighbor, Rogue, and Honeypot APs, navigate to Site -> Security. Rogue and Honeypot APs are under the Threats tab, and Neighbor APs have their own tab. You can switch between the tabs to view the desired APs.
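
The definitions above can be exercised offline with a small classifier run over constructed scan records. This is an added example, not Mist code: the field names, the 60-second time threshold, the order in which the checks are applied, and the choice to treat an allowlisted SSID or BSSID as sanctioned are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    org_ssids: frozenset
    allowed_ssids: frozenset = frozenset()
    allowed_bssids: frozenset = frozenset()  # stored lowercase
    rssi_threshold_dbm: int = -80    # default stated on the page
    neighbor_min_seconds: int = 60   # time threshold; constructed value

    def __post_init__(self):
        if not -100 <= self.rssi_threshold_dbm <= -40:  # range from the page
            raise ValueError("RSSI threshold must be between -100 and -40 dBm")

@dataclass(frozen=True)
class Seen:  # one scanned AP; field names are assumptions
    bssid: str
    ssid: str
    rssi_dbm: int
    seen_seconds: int           # how long the AP has been heard
    on_wired_lan: bool = False  # also detected on our wired network
    claimed: bool = False       # claimed onto our Organization

def classify(ap: Seen, p: Policy) -> str:
    if ap.claimed or ap.bssid.lower() in p.allowed_bssids or ap.ssid in p.allowed_ssids:
        return "sanctioned"
    if ap.ssid in p.org_ssids:           # unclaimed AP advertising our SSID
        return "honeypot"
    if ap.rssi_dbm < p.rssi_threshold_dbm:
        return "ignored"                 # weaker than the RSSI threshold
    if ap.on_wired_lan:                  # unclaimed, but on our wired network
        return "rogue"
    if ap.seen_seconds < p.neighbor_min_seconds:
        return "ignored"                 # momentary neighbor, suppressed
    return "neighbor"

# Constructed sample data (documentation-range MAC addresses).
POLICY = Policy(frozenset({"Corp-WiFi"}), allowed_bssids=frozenset({"00:00:5e:00:53:01"}))
SCAN = [
    Seen("00:00:5E:00:53:01", "Lab-Test", -55, 900),
    Seen("00:00:5e:00:53:02", "Corp-WiFi", -62, 30),
    Seen("00:00:5e:00:53:03", "printer-setup", -70, 600, on_wired_lan=True),
    Seen("00:00:5e:00:53:04", "CoffeeShop", -75, 5),
    Seen("00:00:5e:00:53:05", "CoffeeShop", -75, 300),
    Seen("00:00:5e:00:53:06", "FarAway", -91, 3600),
]

for ap in SCAN:
    print(ap.bssid.lower(), ap.ssid, classify(ap, POLICY))
```

Raising the RSSI threshold toward -40dBm or lengthening the time threshold moves more entries into "ignored", which is the trade-off between noise and coverage that the two settings control.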