Creating a Rogue AP Detection Policy

You can use a Rogue AP Detection policy to define classification rules that determine how detected access points are evaluated and labeled across selected venues. When applied, the policy controls rogue AP detection behavior at the venue level by activating a single classification profile per venue.

Note: Only one Rogue AP Detection policy can be active at a venue at any time. Activating a policy automatically enables Rogue AP Detection for the selected venue if it is currently disabled.
Complete the following steps to create and apply a Rogue AP Detection policy.
  1. Add the Rogue AP Detection service to your tenant account. From the navigation bar, select Network Control > Service Catalog. Alternatively, you can select Network Control > My Services, then click Add Service.
  2. Find the Rogue AP Detection tile and click Add.
    The Add Rogue AP Detection page is displayed.
    Add Rogue AP Detection Policy
  3. Enter policy details in the Settings section:
    • Policy Name: Enter a name for the Rogue AP Detection policy.
    • Description: Enter a brief description for the policy.
  4. Click Add Rule in the Classification rules section.
    The Add Classification Rule sidebar is displayed.
    Add Classification Rule
  5. Configure the classification rule:
    1. Enter a Rule Name.
    2. Select a Rule Type from the following options: Ad Hoc, CTS Abuse, Deauth Flood, Disassoc Flood, Excessive Power, Low SNR, MAC OUI, MAC Spoofing, Null SSID, RTS Abuse, Same Network, SSID, or SSID Spoofing.
    3. Select a Category. The options are Ignored, Known, Unclassified, or Malicious.
    4. (Optional) Select Add another rule to create additional classification rules.
    5. Click Add to add the rule to the Classification rules table.
    6. To manage Classification rules, select a rule by selecting the check box alongside the Priority column, and click Edit or Delete.
    7. To reorder the priority of rules, drag and drop the specific rule up or down using the icon on the far right side of the table.
  6. Click Next.
    The Scope page is displayed.
  7. Select venues and assign the policy. Perform one of the following actions:
    • Click Activate or Deactivate at the top of the table.
    • Toggle the switch in the Activate column on for each venue.
  8. Click Next, review the summary, and click Finish.
    The Rogue AP Detection policy is created and appears on the Rogue AP Detection page. The policy is applied to the selected venues based on their activation status.