nsamuel
Staff
Article Id 198337
Description

Configuring Rogue AP Detection and Mitigation.


Scope

KB ARTICLE TYPE: Configuration

RELATED PRODUCTS: Controller, AP

RELATED SOFTWARE VERSIONS: N/A

KEYWORDS: Controller, AP, BSSID


Solution

Rogue APs are unauthorized wireless access points. Valid network users should not be allowed to connect to rogue APs, because rogues pose a security risk to the corporate network. To prevent clients of unauthorized APs from accessing your network, enable both options: scanning for the presence of rogue APs, and mitigating the client traffic originating from them. These features are set globally, with the controller managing the lists of allowable and blocked WLAN BSSIDs and coordinating the set of APs (the Mitigating APs) that perform mitigation when a rogue AP is detected.

When rogue AP scanning (detection) is enabled, for any given period the AP spends part of the time scanning channels (determined by the Scanning time in ms setting) and part of the time performing normal AP WLAN operations on the home channel (determined by the Operational time in ms setting). This scan/operate cycle repeats so quickly that both tasks are performed without noticeable degradation of network operation.

Rogue AP mitigation prevents stations from associating with the rogue AP. Any clients in the range of Meru access points can be blocked from attempting to access the network through rogue APs.

CONFIGURATION STEPS:

GUI Steps:

STEP 1: Go to "Configuration" tab >> "Wireless IDS/IPS" >> "Rogue APs".

STEP 2: Under the "Global settings" tab, turn On Detection.

STEP 3: In the "Mitigation" list, select one of the following:
* No mitigation: No rogue AP mitigation is performed.
* Block all BSSIDs that are not in the ACL: Enables rogue AP mitigation of all detected BSSIDs that are not specified as authorized in the Allowed APs list.
* Block only BSSIDs in blocked list: Enables rogue AP mitigation only for the BSSIDs that are listed in the Blocked APs list.
* Block Clients seen on the wire: Enables rogue mitigation for any rogue station detected on the wired side of the AP (the corporate network, in many cases).

STEP 4: Set the "Rogue AP aging" in seconds. Type the amount of time that passes before the rogue AP alarm is cleared if the controller no longer detects the rogue. The value can be from 60 through 86,400 seconds.

STEP 5: Set the "Number of Mitigating APs" by entering the number of APs (from 1 to 20) that will perform scanning and mitigation of rogue APs.

STEP 6: Set the "Scanning time in ms" by entering the amount of time Mitigating APs will scan the scanning channels for rogue APs. This can be from 100 to 500 milliseconds.

STEP 7: In the "Operational time in ms" field, enter the amount of time Mitigating APs will spend in operational mode on the home channel. This can be from 100 to 5000 milliseconds.

STEP 8: Set the "Max mitigation frames sent per channel" by entering the maximum number of mitigation frames that will be sent to the detected rogue AP. This can be from 1 to 50 deauth frames.

STEP 9: Set the "Scanning Channels" by entering the list of channels that will be scanned for rogue APs. Use a comma-separated list from 0 to 256 characters. The complete set of default channels is 1,2,3,4,5,6,7,8,9,10,11,36,40,44,48,52,56,60,64,149,153,157,161,165.

STEP 10: In the "RSSI Threshold for Mitigation" field, enter the minimum threshold level over which stations are mitigated. The range of valid values is from -100 to 0.

STEP 11: Click Ok to apply the settings.

CLI Steps:

To enable Rogue Detection and Rogue Mitigation:

MeruController1# configure terminal
MeruController1(config)# rogue-ap detection
MeruController1(config)# rogue-ap mitigation <all | none | selected | wiredRogue>
MeruController1(config)# rogue-ap aging <aging-time 60-86400 in seconds>
MeruController1(config)# rogue-ap assigned-aps <number_aps from 1 to 20>
MeruController1(config)# rogue-ap scanning-time <scanning-time from 100 to 500 milliseconds>
MeruController1(config)# rogue-ap operational-time <operational-time from 100 to 500 milliseconds>
MeruController1(config)# rogue-ap mitigation-frames <number_frames 1 to 50 deauth frames, default is 10>
MeruController1(config)# rogue-ap scanning-channel <channel-list from 0 to 256 characters>
MeruController1(config)# rogue-ap min-rssi <level from -100 to 0, RSSI level is -100 by default.>
MeruController1(config)# exit

To view the rogue AP configuration and the list of all rogue APs:

To confirm the rogue AP detection state:
MeruController1# show rogue-ap globals
MeruController1# show rogue-ap-list
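
A pre-flight check for the settings described above, as an added example that is not vendor code: it validates planned values against the ranges this article states, renders the CLI lines in the article's order, and computes the share of each scan/operate cycle spent scanning. The function names and the sample values are constructed for illustration.

```python
# Added example (not vendor code): validate planned rogue-AP settings, then render the CLI.
MODES = {"all", "none", "selected", "wiredRogue"}  # mitigation keywords from the CLI steps
RANGES = {  # CLI keyword -> (min, max) as given in the GUI steps
    "aging": (60, 86400), "assigned-aps": (1, 20),
    "scanning-time": (100, 500), "mitigation-frames": (1, 50),
    "operational-time": (100, 5000),  # GUI step 7; the CLI placeholder text says 500
    "min-rssi": (-100, 0),
}
ORDER = ["aging", "assigned-aps", "scanning-time", "operational-time",
         "mitigation-frames", "scanning-channel", "min-rssi"]

def validate(cfg):
    """Return a list of problems; an empty list means cfg fits the documented ranges."""
    errors = []
    if cfg.get("mitigation") not in MODES:
        errors.append(f"mitigation must be one of {sorted(MODES)}")
    for key, (lo, hi) in RANGES.items():
        val = cfg.get(key)
        if not isinstance(val, int) or not lo <= val <= hi:
            errors.append(f"{key}={val!r} outside {lo}..{hi}")
    chans = cfg.get("scanning-channel", "")
    if len(chans) > 256:
        errors.append("scanning-channel list longer than 256 characters")
    if not chans or not all(c.isdigit() for c in chans.split(",")):
        errors.append("scanning-channel must be comma-separated channel numbers")
    return errors

def render(cfg):
    """Return the CLI lines for cfg, refusing anything validate() rejects."""
    problems = validate(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["configure terminal", "rogue-ap detection",
             f"rogue-ap mitigation {cfg['mitigation']}"]
    return lines + [f"rogue-ap {k} {cfg[k]}" for k in ORDER] + ["exit"]

def scan_duty(cfg):
    """Fraction of each scan/operate cycle spent away from the home channel."""
    s, o = cfg["scanning-time"], cfg["operational-time"]
    return s / (s + o)

# Constructed sample values, not recommendations from the article.
SAMPLE = {"mitigation": "selected", "aging": 3600, "assigned-aps": 3,
          "scanning-time": 100, "operational-time": 400, "mitigation-frames": 10,
          "scanning-channel": "1,6,11,36,149", "min-rssi": -100}

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
    print(f"scan duty cycle: {scan_duty(SAMPLE):.0%}")
```

A higher duty cycle means more time spent looking for rogues and less time serving clients on the home channel, which is the trade-off the Scanning time and Operational time settings control.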

