We would like to request your help in finding the best testing scenario for rogue AP detection by Air-Marshal (from Meraki's standpoint). How can we test whether Air-Marshal detects a rogue AP?
Just configure a non-Meraki AP with the same SSID that you use in your network and place that device near your Meraki-AP.
Thanks for the reply,
Can you please clarify what procedure Air-Marshal takes to detect a rogue AP? Please refer to the snapshot below and clear up our queries.
1. If someone plugs another AP into our network, does it detect it?
2. If an unknown AP (whether Meraki or non-Meraki) is connected to our LAN and gets an IP from the internal DHCP, does it detect it?
3. Can the Meraki access switches or ports sense if it's a non-Meraki AP?
4. If it is a Meraki AP but not yet claimed in the dashboard, is it detected as a rogue AP?
Please help to clear up our queries, thanks.
Hi, this shows what Meraki detects:
https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal#Wireless_Threats
" Rogue SSID seen on LAN: SSIDs that are broadcast by rogue APs and seen on wired LAN; this could suggest compromise of the wired network."
But it's most likely a client using some kind of screen mirroring or someone who set up a hotspot.
1) If it's broadcasting, yes.
2) If it's broadcasting, yes.
3) I would say yes, but it does not act on this.
4) Not sure, but I think if it's broadcasting, yes.
Hi,
If Air-Marshal detects any rogue AP in our LAN, what procedure (excluding the procedures below) should we take to overcome/mitigate them?
Contain
Whitelist
Blacklist
Alert
Uncontain
@Air-Marshal wrote: Hi,
If Air-Marshal detects any rogue AP in our LAN, what procedure (excluding the procedures below) should we take to overcome/mitigate them?
Contain
Whitelist
Blacklist
Alert
Uncontain
Procedures other than those mentioned? Find the user that connected the AP to the LAN and make sure he understands his mistake. Make sure not to have any witnesses around, and clean up the mess afterwards.
Or you can create a hotspot as well.
Can you suggest more testing scenarios for creating rogue APs in our network that can be detected by Meraki Air-Marshal? Earlier you suggested "configuring a non-Meraki AP with the same SSID that we use in our network and placing that device near our Meraki-AP, and also that we can create a hotspot."