Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
3
Replies

Alerts on Cisco Prime Infrastructure

Sumathi
Level 1
Level 1

‎03-19-2019 02:18 AM - edited ‎07-05-2021 10:04 AM

Hi,

We have newly deployed Cisco prime infrastructure in our environment. Upon adding the controller to Cisco prime, we are receiving many alerts under "Rogue AP" category.

Message:
Rogue AP 'ec:9b:c3:8f:3a:e8' with SSID 'AndroidAP' is detected by AP
 'AP10' Radio type '802.11n(2.4GHz)' with RSSI '-88'

 

Can someone please let me know how to mitigate/action to be taken for such alerts?

Prime version: 3.5

 

Labels:
0 Helpful
3 Replies 3

patoberli
VIP Alumni
VIP Alumni

‎03-19-2019 02:57 AM

That is a user with an Android device and an active Hotspot.
It's up to your company policy on what you want to do with them.
Depending on that, I would lower the priority of this event, so it doesn't anymore report, or I would go and crack down on those users and have them disable the hotspot.
Of course, you will also see neighbor APs as Rogues, those I would classify as "Friendly External", that way they will stop creating an alarm.
0 Helpful

Sumathi
Level 1
Level 1
In response to patoberli

‎03-19-2019 05:23 AM

Thank you for the response.

Could you tell us what would be the impact caused due to these identified Rogue APs? Currently, we have around 1lakh minor alerts and 2 major alerts classified as malicious related to Rogue APs. 

Message: Rogue AP '90:06:25:be:4a:73' with SSID 'Hotspot7087' and
channel number '6' is detected by AP 'AP4' Radio type
'802.11n(2.4GHz)' with RSSI '-80' and SNR '2'

Also, please help us to understand what does the following indicate?

Severity: Major

Previous Severity: Cleared

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to Sumathi

‎03-20-2019 03:31 AM

For your second question. The person left your wireless area and thus the alarm was cleared. He later came back and it's now again a Major alarm (until he leaves again).

To answer your first question, this specific example is probably no real impact, other than other people around that device also see the SSID Hotspot7087 if they search for wireless.
The impact starts to happen if other users connect to that hotspot and start to transmit lots of data. This will fill up the channel 6 (in this example) and all your APs in channel 6 will have reduced performance and maybe drop-outs.
I suggest you read this here first: https://en.wikipedia.org/wiki/Wireless_network it covers some of the very basics of wireless networks.
Secondly this here: https://www.itprotoday.com/compute-engines/q-what-co-channel-interference-and-why-should-i-care-about-it This is what happens with other APs / Hotspots running on the same channel.
If they use another channel, like number 5, then you have Noise on channels 1-6: https://www.cnet.com/news/diagnosing-and-addressing-wi-fi-signal-quality-problems/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card