
How can we test rogue SSID in Meraki air-marshal

Just browsing


We would like to request your help in finding the best test scenario for rogue AP detection by Air-Marshal (from Meraki's standpoint). How can we test whether Air-Marshal detects a rogue AP?

A model citizen

Re: How can we test rogue SSID in Meraki air-marshal

Just configure a non-Meraki AP with the same SSID that you use in your network and place that device near your Meraki-AP.

Kind of a big deal

Re: How can we test rogue SSID in Meraki air-marshal

Or you can create a hotspot as well. 

Just browsing

Re: How can we test rogue SSID in Meraki air-marshal

Thanks for the reply.

Can you please clarify what procedure Air-Marshal takes to detect a rogue AP? Please refer to the snapshot below and answer our queries.

Air-Marshal_0-1605791121701.png

1. If someone plugs another AP into our network, does it detect it?

2. If an unknown AP (whether Meraki or non-Meraki) is connected to our LAN and gets an IP from the internal DHCP, does it detect it?

3. Can the Meraki access switches or ports sense whether it is a non-Meraki AP?

4. If it is a Meraki AP but not yet claimed in the dashboard, is it detected as a rogue AP?

Please help to answer our queries, thanks.

Kind of a big deal

Re: How can we test rogue SSID in Meraki air-marshal

Hi, this shows what Meraki detects:

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal#Wireless_Threats

"Rogue SSID seen on LAN: SSIDs that are broadcast by rogue APs and seen on wired LAN; this could suggest compromise of the wired network."

But it's most likely a client using some kind of screen mirroring, or someone set up a hotspot.

1) If it's broadcasting, yes.

2) If it's broadcasting, yes.

3) I would say yes, but it does not act on this.

4) Not sure, but I think if it's broadcasting, yes.

Just browsing

Re: How can we test rogue SSID in Meraki air-marshal

Hi,

If Air-Marshal detects a rogue AP in our LAN, what procedure (other than those listed below) should we follow to overcome/mitigate it?

Contain

Whitelist

Blacklist

Alert

Uncontain

A model citizen

Re: How can we test rogue SSID in Meraki air-marshal


@Air-Marshal wrote:

Hi,

If Air-Marshal detects a rogue AP in our LAN, what procedure (other than those listed below) should we follow to overcome/mitigate it?

Contain

Whitelist

Blacklist

Alert

Uncontain


Procedures other than those mentioned? Find the user that connected the AP to the LAN and make sure he understands his mistake. Make sure not to have any witnesses around, and clean up the mess afterwards.
