How to filter Aerohive AP's by Node ID aka mac address/and or BSSID in 6.1r3a

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Aerohive AP filter for Node ID aka Mac address/ and or BSSID
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes
Background our deployment is in thousands and in-net rouges showing deployed BSSIDS unable to search them by BSSID in filter AP's, no node ID or mac address search function.  Can triangulate although such a large deployment need better search functions on node ID/BSSID.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Matthew,
Am I understanding you correctly? The Monitor->Rogue AP screen has too many items on it for you to easily find a particular rogue AP, and you want to be able to apply a filter so this screen only shows that rogue?

You can filter that list by BSSID. First, click this


Then just enter the BSSID into the box that pops up. You don't need to save this filter with a name, unless you want to re-use it again in the future.



Did this answer your question?
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Mike,

In this scenario, the In-net rogue AP is one of my own, we have over 4,000 AP's.  We have many AP's that show up in rogue ap's mostly from non compliant WMM support. 

Question

Is there a way to quickly identify my Aerohive AP's through a search function in either Aerohive AP's or Rogue AP's to search for Node ID (Mac address) and or BSSID with a way to truncate search parameters with wildcard.  Global search returns no matches for node ID's.  Thanks for your help.

Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Matthew,
I'm sorry for being so dense, but I am still not sure I understand you. Are you saying that you have many Aerohive access points, and some of them are reporting others as possible rogues? And you are trying to find the ones that are classified as rogues, or are you trying to find the ones mis-classifying other hive members as rogues, or both?
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Hi Mike,

Yes many Aerohive AP's, BSSID's on some Aerohive AP's are being reported as In-Net rogues. 

Is there a way to quickly identify my Aerohive AP's through a search function in either Aerohive AP's or Rogue AP's to search for Node ID (Mac address) and or BSSID with a way to truncate search parameters with wildcard.  Global search returns no matches for node ID's. 

Thanks for your help.


Photo of Slipshod

Slipshod

  • 1 Post
  • 0 Reply Likes
Matthew,

It automatically does a substring match of the text entered for the BSSID.  So if you want to wildcard it, just put the part of the BSSID you want to search for in - but without any wildcard characters.  Here's an example:

Putting in just "0013" 

Results in the Rogue list being just the MAC addresses with "0013" somewhere in the MAC address, like this:




Keep in mind that it is a substring, so if you put in a short string you will are more likely to have false positives.  I do not know of a way to tell it to search only from the front or back of the MAC.

Regards,
Tash
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Question

Is there a way to quickly identify my Aerohive AP's through a search function in either Aerohive AP's or Rogue AP's to search for Node ID (Mac address) / need to search for In net BSSID's to quickly identify my aps from a rogue report.

In large environment searching for BSSID's does not help finding in net rogues that are my own aps.  Having a mac address search function with ability to search sub strings would be extremely helpful in this regard.

Thanks.

Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Here is an example of how many AP's show my in-net rogue (4018B15E2F96) for WMM support, if I could search for Mac address 4018B15E2F96, or truncate and or wildcard would help me quickly identify my problem AP's. Search for BSSID gives me the same result below,  can triangulate position although feel I should be able to locate my AP's by searching for node id/mac address.

 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net    -76 dBm WPA auth; Short preamble   WMM support  4018B15C9A14 05/21/2014 08:08:43 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net    -77 dBm WPA auth; Short preamble   WMM support  4018B15D6794 05/21/2014 07:41:09 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net    -73 dBm WPA auth; Short preamble   WMM support  4018B15DFED4 05/21/2014 07:40:40 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net    -83 dBm WPA auth; Short preamble   WMM support  4018B15E0A14 05/21/2014 08:08:34 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net    -69 dBm WPA auth; Short preamble   WMM support  4018B15E2E94 05/21/2014 07:35:48 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net   -77 dBm WPA auth; Short preamble   WMM support  4018B15E3494 05/21/2014 07:38:40 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net   -79 dBm WPA auth; Short preamble   WMM support  4018B15E4414 05/21/2014 07:34:05 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net  -82 dBm WPA auth; Short preamble   WMM support  4018B15E4554 05/21/2014 07:34:08 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net  -77 dBm WPA auth; Short preamble   WMM support  4018B15E4614 05/21/2014 07:38:04 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net  -88 dBm WPA auth; Short preamble   WMM support  4018B15E4894 05/21/2014 07:50:52 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net  -80 dBm WPA auth; Short preamble   WMM support  4018B15E4B94 05/21/2014 07:35:11 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net  -76 dBm WPA auth; Short preamble   WMM support  4018B15E5394 05/21/2014 07:35:24 AM
 4018B15E2F96 Aerohive Networks Inc.  1 0 Off Manual In-net -74 dBm WPA auth; Short

preamble   WMM support  4018B15E6514 05/21/2014 07:38:45 AM

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Can you post a screenshot of what you have in the WIPS policy that you are using?

Nick
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
How do you know that it is WMM that is triggering it and not something else? It should only trigger based on that check if it sees a SSID that does not have WMM enabled.

(WMM should, of course, be enabled to get access to 802.11n data rates. Without it, a standards compliant AP will limit you to 802.11g data rates only.)
(Edited)
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Under column of non compliant settings, reads WMM support.  Of my 772 in net rogues (My Aerohive) AP's all show this, of course that number is really like 70 AP's out of my 4479 AP's. 

Trying to isolate (triangulate) and log into AP's to determine BSSID's is troublesome in large deployments like this.

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Perhaps asking the obvious then, but have you checked the configuration that you are applying to your APs (Aerohive and otherwise) to ensure that you have WMM enabled on all their SSIDs then? Or are you saying it is flagging a false positive?
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
The BSSID is a subset of the actual Node ID.  In your case, you should be able to just take your MAC (4018B15E2F96) and find the AP with the starting MAC address of  4018B15E2F??.  The last two digits seem to be the only two modified for the BSSID of the AP.  If I were a betting man, I'd say those last two digits are somewhere in the range of 72 to 8?.  The 11th digit seems to increment 1 for wifi0 interface and 2 for wifi1 interface.  The 12th digit seems to be 4 typically start at 4 over its Node ID value. 

Node ID of this AP = 4018B1ABA8C0


Now the tricky part is filtering for that MAC on your "All Devices" list as there is no filter option for MAC Addresses/Node IDs.




And if I'm following your request, this is what you are asking?  Seeing as you have ~4000 devices, finding this needle in a haystack could be quite challenging.  You could always sort your gear by the Node ID column and hunt for the first 10 characters of the BSSID. 

Is this anywhere close to what you're asking? 

(Edited)
Photo of Matthew Kelley

Matthew Kelley

  • 9 Posts
  • 0 Reply Likes

Brian,

Best answer to my issue I have - thanks.  Sorting on node id /mac address with 500 item found on page 2 of 9, much better than trying to find rogue AP's triangulated on maps.

Logged into 4018B15E2F80 and found BSSID showing as rogue.

Assume WMM problem may be fixed my new config push, we'll see thanks for your help on this.

Name       MAC addr      Mode   State Chan VLAN   Radio      Hive       SSID
------- -------------- -------- ----- ---- ---- ---------- ---------- ---------
Mgt0    4018:b15e:2f80    -       U     -     1     -           -
Eth0    4018:b15e:2f80 backhaul   U     -     1     -            -
Wifi0   4018:b15e:2f90 access     U     1     - 2.4GHz-...     -          -
Wifi0.1 4018:b15e:2f94 access     U     1     - 2.4GHz-... 
Wifi0.2 4018:b15e:2f95 access     U     1     - 2.4GHz-... 
Wifi0.3 4018:b15e:2f96 access     U     1     - 2.4GHz-... 
Wifi0.4 4018:b15e:2f97 access     U     1     - 2.4GHz-... 
Wifi1   4018:b15e:2fa4 access     U   149     - 5GHz-Pr...     -          -
Wifi1.1 4018:b15e:2fa8 access     U   149     - 5GHz-Pr... 
Wifi1.2 4018:b15e:2fa9 access     U   149     - 5GHz-Pr... 
Wifi1.3 4018:b15e:2faa access     U   149     - 5GHz-Pr... 
Wifi1.4 4018:b15e:2fab access     U   149     - 5GHz-Pr...