Hi @jkkarkar! Before reporting a device as a rogue, there is an additional logic check that the dashboard uses to determine if the BSSID is broadcast from an AP in the same dashboard network (i.e. a legitimate broadcast from other Meraki APs on the same SSID within the same dashboard network). Every AP maintains a list of all of the other Meraki APs it knows about in the network, and the rogue check involves a check against this list prior to containment. The caveat is if APs are in a different network of the same dashboard organization, with changes in outcome dependent on the containment method in use. The difference between rogue and spoof is important to note, as a spoof attempting to impersonate your SSIDs cannot easily be blocked via Air Marshal containment methods, due to the containment affecting the legitimate APs also.