Rule Classification Criteria

The following table describes the configurable classification criteria that can be applied to a rule:

Table 1: Classification Criteria

Criteria Description

Signal

Users can specify a minimum signal strength. The range varies from -85 to 0.

Detecting AP Count

The number of detecting APs that can see the rogue device in the network. The range is 2 to 255. For example, a store has four APs, one of which is in the freezer area. AP1, AP2, and AP3 can hear ('see') signals of the rogue device in the network. However, AP4 cannot detect any signals because of the freezer walls. Hence, in this scenario there are 3 detecting APs for the rogue device.

WLAN Classification

This criterion results in a match when a classification value received from the detecting device matches any of the devices classified under the following values:

Valid

Interfering

Neighbor

Rogue

Suspected Rogue

Manually Contained

SSID contains

A list of strings is compared to the rogue SSID. This criterion results in a match if the rogue SSID contains any of these substrings.

SSID does not contain

A list of strings is exempted from this rule. This criterion results in a match if the rogue SSID contains any of these substrings.

Known valid SSIDs

Exact match against all known valid SSIDs configured on the customer account.

Plugged into wired network

For AOS-CX and AOS-PVOS switch customers, a neighbor AP is determined to be plugged into the network by matching a wireless BSSID to a wired MAC address connected to the switch.

The wired-to-wireless MAC correlation is done by matching the first 40 bits of both MAC addresses.

For example, 11:22:33:44:55:61 matches 11:22:33:44:55:11, because 11:22:33:44:55:XX matches 11:22:33:44:55:XX.

Time on network

The minimum number of minutes since the monitored AP was first seen on the network.

Site Matches

There are up to 32 site IDs for which this rule is applied. This criterion results in a match if the device site is not in the "Site excludes" list.

Site Does not match

There are up to 32 site IDs for which this rule is skipped. The criterion results in a match if the site IDs are mutually exclusive between the "Site includes" and "Site excludes" lists.

Band

The radio band of the monitored AP.

Valid client MAC match

Match any monitored BSSID against the current valid station cache list. This match must be exact.

Encryption

Encryption: OPEN, WEP, WPA, WPA2, WPA3
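
The 40-bit wired-to-wireless MAC correlation described under "Plugged into wired network" can be reproduced offline to check why a BSSID was or was not flagged. This is an added example, not product code; the function names and the sample addresses are constructed for illustration.

```python
import re

def mac_to_int(mac: str) -> int:
    """Parse a MAC written with ':', '-', '.' or no separators into a 48-bit int."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def prefix40(mac: str) -> int:
    """Return the first 40 bits (the first five octets) of the address."""
    return mac_to_int(mac) >> 8

def correlate(bssids, wired_macs):
    """Map each BSSID to the wired MACs that share its first 40 bits.

    Malformed entries on either side are skipped, never matched.
    """
    by_prefix = {}
    for mac in wired_macs:
        try:
            by_prefix.setdefault(prefix40(mac), []).append(mac)
        except ValueError:
            continue
    matches = {}
    for bssid in bssids:
        try:
            hits = by_prefix.get(prefix40(bssid), [])
        except ValueError:
            continue
        if hits:
            matches[bssid] = hits
    return matches

# Constructed sample data: wired MACs learned on switch ports, BSSIDs heard over the air.
WIRED = ["11:22:33:44:55:11", "aa-bb-cc-00-11-22", "11:22:33:44:57:00", "not-a-mac"]
BSSIDS = ["11:22:33:44:55:61", "AA:BB:CC:00:11:2F",
          "11:22:33:44:56:00", "de:ad:be:ef:00:01"]

if __name__ == "__main__":
    for bssid, wired in correlate(BSSIDS, WIRED).items():
        print(f"{bssid} correlates with wired {wired}")
```

Only the last octet is ignored, so 11:22:33:44:56:00 does not correlate with 11:22:33:44:57:00 even though the two differ by a single value in the fifth octet.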