Meraki

JinsengIT · ‎Sep 24 2024

I'm not sure where else to post about this, so I'm starting here. For years, our Air Marshal has detected a rogue SSID called "DIRECT-". Since it appears on our LAN, we block it. I'm now looking deeper and would like to understand what this might be. I speculate that it could be our Samsung TVs or Windows devices attempting to do screen mirroring using Direct Connect.

I checked the broadcast MACs in a MAC address lookup site, but it couldn't find any of them.

I know this isn't much to work from, but does anyone have any speculation about what this may be, how to confirm, and if it may be safe to add to the SSID Allow list so we don't receive email warning notifications about it?

Thanks for any thoughts you have.

Purroy · ‎Sep 24 2024

99% it will be an HP Direct printer that is connected to your LAN and its WiFi has not been configured or disabled.

Paccers · ‎Sep 24 2024

+1 for printers most likely for the direct print functionality

txhomer · ‎Sep 24 2024

We get alerts like that too and I'm pretty sure it's laptops broadcasting an SSID while also being connected to the LAN

JinsengIT · ‎Sep 25 2024

Thanks for the thoughts. We're going to look into the printers and TVs. The thing that's making this harder is that the SSID is exactly "DIRECT-". Other examples I've seen in my research have a description after the hyphen. I wish that was the case here.

Meraki

Community

Wireless Air Marshal detecting SSID: "DIRECT-"

Wireless Air Marshal detecting SSID: "DIRECT-"