Updated on 2024-01-25 GMT+08:00

ALM-303046790 Detected Rogue Device

Description

WLAN/4/WIDS_DETECT_DEVICE:OID [OID] Detected rogue device. (Device Mac=[OPAQUE], Device type=[INTEGER], Device channel=[INTEGER], Device RSSI =[LONG], Device ssid=[OCTET], Monitor APName=[OCTET], Monitor APMAC=[OPAQUE], Monitor AP radio =[INTEGER], Monitor AP ID=[INTEGER]).

This alarm is generated when an unauthorized device is detected.

Attribute

Alarm ID

Alarm Severity

Alarm Type

303046790

Warning

environmentalAlarm

Parameters

Name

Meaning

OID

Indicates the MIB object ID of the alarm.

Device Mac

Indicates the MAC address of an unauthorized device.

Device type

Indicates the type of an unauthorized device.

  • 1: AP
  • 2: Adhoc
  • 3: Bridge
  • 4: STA

Device channel

Indicates the channel of an unauthorized device.

Device RSSI

Indicates the RSSI of an unauthorized device.

Device ssid

Indicates the SSID of an unauthorized device.

Monitor APName

Indicates the name of a monitoring AP.

Monitor APMAC

Indicates the MAC address of a monitoring AP.

Monitor AP radio

Indicates the radio ID of a monitoring AP.

Monitor AP ID

Indicates the ID of a monitoring AP.

Impact on the System

None

Possible Causes

An unauthorized device was detected.

Procedure

  1. Take countermeasures against the detected unauthorized device and configure WIPS.

    1. Enter the AP group radio view or the AP radio view and run the wids contain enable command to enable rogue device containment.
    2. Enter the WIDS profile view and run the contain-mode command to configure the countermeasures mode of the AP.

  2. Then, check whether the alarm persists.

    • If so, go to Step 2.
    • If not, go to Step 3.

  3. Collect alarm messages, log messages, and configurations, and then contact the technical support personnel.
  4. End.

Related Information

None