Monitoring and alerting for rogue access points is a fairly common request.
Many of my recent customized onsite training engagements have involved figuring out a way to alert the network staff when a rogue access point appears. Just a quick note; a rogue access point doesn’t have to be a traditional physical device such as a smartphone in hotspot mode or your basic access point router but now there are software access points you can run on your wifi laptop or desktop.
Luckily most of these customers own a copy of AirMagnet Portable WiFi Analyzer, so lately I have been showing people how to configure this software to accomplish this helpful task.
There seems is a bit of confusion when it comes to understanding the main types of AirMagnet products; Portable and Enterprise. I think this stems from the customer believing they only need one or the other. While this may be true, in many cases I have demonstrated the need for both.
Portable tools are simple to figure out; these are tools that you physically carry around to troubleshoot, analyze or gather information.
Enterprise tools involve placing sensors around your network and you can remotely perform the same tasks performed with the portable tools. When it comes to AirMagnet's WiFi Analyzer, you can do some additional things such as block the rogue wireless or disable that switch port that the rogue is connected to and produce some pretty slick reports.
In my experience, I have found people will start with the portable solution and if the network is large enough where being in 2 places at the same time is impossible, or when remote management becomes an issue, they add the enterprise solution to the mix.
In this video I show you how to use AirMagnet's WiFi Analyzer portable to detect a rogue AP and send an email alert with the info.