Rogue client with unauthorized MAC

This alarm is raised when WiFi Manager detects the presence of Rogue client using unauthorised MAC address.

What is MAC address?When is it termed unauthorised?

Networking equipment come with an in-built Identifier-address which is unique. This address assigned to the network equipment is called MAC address- Media Access Control Address.Each enterprise may standardise certain MAC address as authorised in their WLAN and may refer to all the MACs other than the ones standardized as unauthorised MACs.

What are the scenarios in which such an attack may take place?

When there are rogue clients trying to intrude into aWLAN , their MAC address is compared to the ones which are classified as authorised by the Enterprise. When the MACs do not match the authorised list, they are detected as unauthorized MAC address.Rogue Access clients  installed by unauthorized employees may not follow enterprise standard deployment procedures thus compromising security on your network.

This attack may occur when there is new AP added for discovery, which is detected as rogue AP, the MAC address of which is yet to be configured as Authorised MAC. In such a case, the mobile unit can be marked as "trusted", thereby adding its MAC into the authorized list.

What should the administrators do?

The administrators should take effective steps to  size="2"> discover rogue clients  and  should  block from the network. WLAN administrator can block the rogue clients from the network by adding the rogue client's MAC to the blocked list of all authorized Access Points.

screenshot: