Symptom
APs in the same eWLC classify each other as Rogue and alert as a threat "AP Impersonation" to DNA Center / monitoring tool.
Snip of "show wireless wps rogue ap detailed" :
Rogue BSSID : 00a2.ee4d.f201
Last heard Rogue SSID : SCI
802.11w PMF required : No
Is Rogue an impersonator : Yes
Is Rogue on Wired Network : No
Classification : Malicious
Manually Contained : No
State : Threat
First Time Rogue was Reported : 12/07/2023 07:51:10
Last Time Rogue was Reported : 12/18/2023 17:34:26
Number of clients : 0
Reported By
AP Name : stoonsalv-ap1-1
MAC Address : 00a2.eea0.c9a0
Detecting slot ID : 0
Radio Type : dot11g, dot11n - 2.4 GHz
SSID : SCI
Channel : 11 (From DS)
Channel Width : 20 MHz
RSSI : -77 dBm
SNR : 18 dB
ShortPreamble : Disabled
Security Policy : WPA2/FT/Dot1x
Last reported by this AP : 12/18/2023 17:34:11
Authentication Failure Count : 255
Conditions
APs 2800 joined to the same eWLC embedded in switch C9300-48UN both on version 17.9.4a
