Enable Rogue AP Containment vs "friendly-ap" vs "rogue-ap" roles

Options
jef
jef Posts: 39  Freshman Member
First Anniversary 10 Comments
edited May 21 in Wireless

What does "Enable Rogue AP Containment" actually do?

And what does it have to do with the "roles" of 'friendly-ap" and 'rogue-ap'?

If I have marked all unknown AP's as rogue in the "monitor" area. That does what to those devices?

If they happen to be attached to the zyxel gateway network, then any client from that AP would be rejected?

I did look it up in the manual, the answer didn't help:

Enable Rogue AP Containment = Select this to enable rogue AP containment.

Best Answers

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,197  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @jef ,

    Thank you for bringing your concerns to our attention.

    Our current APs include support for 802.11w, also known as Protected Management Frames (PMF), is to enhance the security of wireless networks by protecting management frames from being spoofed or tampered with, so Rogue AP Containment is no longer necessary. Therefore, we plan to phase out Rogue AP Containment in an upcoming firmware update.

    Share yours now! https://bit.ly/4aO0BMF

    Judy

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,197  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @jef ,

    In a network configured for "WPA2" only, every client device must support WPA2 (AES) encryption to authenticate and connect successfully.

    On the other hand, a network set to "WPA2-mix mode" allows for the connection of devices using either WPA (TKIP) or WPA2 (AES) encryption standards, accommodating a broader range of client devices.

    Should you opt to disable or deselect the "WPA2-mixed" mode, be advised that devices only capable of supporting WPA (TKIP) encryption will not be able to connect to the specified SSID (Wi-Fi network name).

    Share yours now! https://bit.ly/4aO0BMF

    Judy

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,197  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @jef ,

    Thank you for bringing your concerns to our attention.

    Our current APs include support for 802.11w, also known as Protected Management Frames (PMF), is to enhance the security of wireless networks by protecting management frames from being spoofed or tampered with, so Rogue AP Containment is no longer necessary. Therefore, we plan to phase out Rogue AP Containment in an upcoming firmware update.

    Share yours now! https://bit.ly/4aO0BMF

    Judy

  • jef
    jef Posts: 39  Freshman Member
    First Anniversary 10 Comments
    edited February 6
    Options

    Thank you Judy, Wpa2 vs wpa2-mixed.. limits the PMF.. If I deselect "mixed" what do I loose?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,197  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @jef ,

    In a network configured for "WPA2" only, every client device must support WPA2 (AES) encryption to authenticate and connect successfully.

    On the other hand, a network set to "WPA2-mix mode" allows for the connection of devices using either WPA (TKIP) or WPA2 (AES) encryption standards, accommodating a broader range of client devices.

    Should you opt to disable or deselect the "WPA2-mixed" mode, be advised that devices only capable of supporting WPA (TKIP) encryption will not be able to connect to the specified SSID (Wi-Fi network name).

    Share yours now! https://bit.ly/4aO0BMF

    Judy