The Wireless Rogues page displays a list of wireless devices that have been identified as rogues by the Wireless Infrastructure. The Rogues page is intended to help you identify foreign wireless devices that emulate access point devices (rogues) in order to mitigate risk. Using this interface, you can sort displayed devices by Time, SSID, or MAC Address, search for a specific wireless device, exclude devices of which you are already aware and/or known devices in close geographic proximity to your wireless network and are certain to pose no threat to your network, and limit the display to show devices polled during a specific date range.
For each rogue detected, the following information is displayed:
Note: If Current is selected as the reporting interval, the Rogues page only displays the SSID and MAC Address of rogues currently visible.
The devices displayed on the Rogue page are grouped by the access points on which they are/were connected. An SSID/MAC Address combination may appear under more than one access point indicating it is a roaming device hopping from one access point to another. Clicking the icon to the left of any access point displayed launches a dialog containing detailed AP information. Specific dialog content is identical to detailed device information displayed when you click on an access point icon on the Wireless Map page. For a description, see Map.
To sort rogues:
Note: If Current is selected as the reporting interval, the Rogues page can only be sorted by SSID or MAC address.
Rogues can be excluded from the display if they are known devices or if you are certain they pose no threat to your network. When a rogue is excluded from the list, existing data for that rogue is now hidden from both the rogues page and the rogue count performance and dashboard reports. Additionally, any applicable thresholds in Alert Center will no longer report trigger alerts for the rogue and Wireless no longer collects data for that rogue when wireless devices are polled. If you remove the rogue from the excluded rogues list, there will be a gap in data for that rogue between time of initial rogue exclusion and inclusion back into the rogues page.
To exclude devices:
For more information on managing excluded rogues, see Add to Excluded Rogues and Manage Excluded Rogues.
To search for a specific device:
or
Note: When comparing a rogue's MAC or IP address against the entered search term, the results returned reflect rogue IP or MAC addresses that begin with the search term entered. When comparing a rogue's name or SSID against the entered search term, results returned reflect SSIDs and names containing the search term entered.
In addition to excluding individual devices one at a time from the rogues list, you can also search the database for devices to bulk add to the excluded list in one step from the Wireless Application Settings page using a list of SSIDs and/or MAC addresses you know you want to exclude.
Caution: The Add to Excluded Rogues feature can only be used to search the existing WhatsUp Gold database for previously seen wireless infrastructure devices you want to add to the excluded list. You cannot add SSIDs and/or MAC addresses to be excluded if and when they are detected in the future.
To access the Add to Excluded Rogues List: