Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Air Marshal flagging everything it sees as a rogue AP

cbfs
Conversationalist
‎May 23 2018 12:12 AM
‎May 23 2018 12:12 AM

Air Marshal flagging everything it sees as a rogue AP

There is an access point in the neighborhood with a very similar MAC address to one of my Meraki APs. Bytes 2-6 of the MAC address match.

 

Apparently this is enough for Air Marshal to consider them being the same device:

https://meraki.cisco.com/blog/2017/09/rogue-access-point/

 

Since the access point in the neighborhood which has a very similar MAC address to one of my Meraki APs isn't broadcasting an SSID, Air Marshall has started associating every AP is sees that isn't broadcasting an SSID with this one and is telling me that there's almost 400 Rogue Access points connected to my LAN. The number keeps going up every day.

 

This is completely inaccurate. The only thing connected to my LAN right now are the Meraki APs. There are no rogue access points.

 

I've opened a support ticket and tried to explain the issue but they aren't understanding. I'm at a loss of how to get this resolved.

0 Kudos
Subscribe
4 Replies 4
Adam
Kind of a big deal
‎May 23 2018 6:22 AM
‎May 23 2018 6:22 AM

I thought Air Marshal only detecting things with similar SSID's or devices connected to the LAN broadcasting wireless.  You're saying that just because a neighbors device has a somewhat similar MAC but totally different SSID it is triggering an alert?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
Subscribe
vassallon
Kind of a big deal
‎May 23 2018 7:55 AM
‎May 23 2018 7:55 AM

@cbfs Are your APs on MR 25.11? If not, I would suggest upgrading your APs to that firmware release. It fixed an issue we were having here of an AP being marked rogue even though it was a Meraki AP in the network.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
0 Kudos
Subscribe
In response to vassallon
cbfs
Conversationalist
‎May 23 2018 10:12 AM
‎May 23 2018 10:12 AM

@Adam Yes, that’s correct.

 

@vassallon Yes, they’re on MR 25.11, just installed them a few days ago.

0 Kudos
Subscribe
In response to cbfs
rmeany
New here
‎Sep 18 2019 7:43 AM
‎Sep 18 2019 7:43 AM

This issue has been ongoing for me on multiple networks at different organizations and has never been resolved.  I'd really like to just disable the useless air marshal services at this point as they cause more problems than they solve.  Does anyone know of a way to do this?

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.