ALM-303046790 Detected Rogue Device

Description

WLAN/4/WIDS_DETECT_DEVICE:OID [OID] Detected rogue device. (Device Mac=[OPAQUE], Device type=[INTEGER], Device channel=[INTEGER], Device RSSI =[LONG], Device ssid=[OCTET], Monitor APName=[OCTET], Monitor APMAC=[OPAQUE], Monitor AP radio =[INTEGER], Monitor AP ID=[INTEGER]).

This alarm is generated when an unauthorized device is detected.

Attribute

Alarm ID	Alarm Severity	Alarm Type
303046790	Warning	environmentalAlarm

Parameters

Name	Meaning
OID	Indicates the MIB object ID of the alarm.
Device Mac	Indicates the MAC address of an unauthorized device.
Device type	Indicates the type of an unauthorized device. 1: AP 2: Adhoc 3: Bridge 4: STA
Device channel	Indicates the channel of an unauthorized device.
Device RSSI	Indicates the RSSI of an unauthorized device.
Device ssid	Indicates the SSID of an unauthorized device.
Monitor APName	Indicates the name of a monitoring AP.
Monitor APMAC	Indicates the MAC address of a monitoring AP.
Monitor AP radio	Indicates the radio ID of a monitoring AP.
Monitor AP ID	Indicates the ID of a monitoring AP.

Impact on the System

None

Possible Causes

An unauthorized device was detected.

Procedure

Take countermeasures against the detected unauthorized device and configure WIPS.
1. Enter the AP group radio view or the AP radio view and run the wids contain enable command to enable rogue device containment.
2. Enter the WIDS profile view and run the contain-mode command to configure the countermeasures mode of the AP.
Then, check whether the alarm persists.
- If so, go to Step 2.
- If not, go to Step 3.
Collect alarm messages, log messages, and configurations, and then contact the technical support personnel.
End.