I am receiving this critical alarm usually 1-3 times a day and it doesn't make any sense. I was hoping someone here could let me know if this is a legit problem or just another convenient "cosmetic bug" (There seem to be alot of those with 4.1).
The full message is:
"Fake AP or other attack may be in progress. Rogue AP count on system 'xxx.xxx.xxx.xxx' has exceeded the security warning threshold of '625'."
(IP address above was purposely hidden)
There are, as of typing this, 200 rogue APs reported by both controllers (combined, one has 110 the other 90). This alarm is still 'active' in WCS. Even if there were "fake ap"s, wouldn't the controllers report them as rogues into their count?
Thanks for any input,