A wireless local-area network (WLAN) uses radio communication to connect client devices, such as laptop computers, tablet computers, and smartphones, to other devices and to the Internet or other networks. Devices and network infrastructure that are commonly referred to as WLAN-enabled or “Wi-Fi”-enabled devices comply with the IEEE 802.11 family of standards. The term “Wi-Fi” has been promulgated by the Wi-Fi Alliance to refer to WLAN products that are based on the IEEE 802.11 standards.
Devices wirelessly connect to the WLAN via network devices known as access points (APs). An AP commonly includes a WLAN radio transceiver, an Ethernet adapter, and an Ethernet cable connector. An AP can be connected with a wired network using an Ethernet cable between the AP and an Ethernet switch in the wired network. A device within radio proximity or range of the AP, commonly about 20 meters, can establish radio communication with the AP and, upon satisfying certain conditions, can communicate with the wired network via the AP.
In a secure network, such as a network operated by a business, each AP is configured to require users to authenticate themselves as a condition for enabling access to the network. Typically, an AP prompts a user to enter a key or password on the client device to be wirelessly connected. The AP checks the entered password and, if the password is correct, authenticates the device and associates the device with the AP. The device remains in an authenticated and associated state and is thus enabled to access the network until such time as the device may be deauthenticated and dissociated from the AP.
The term “rogue AP” has been used to refer to an AP that has been installed in a secure network without authorization (e.g., authorization from a business's network administrator). For example, a person may attempt to connect an AP to a network for the purpose of attacking or “hacking” the network. It is also not uncommon for an employee without malicious intentions to bring an AP onto the business's premises and plug it into an Ethernet jack without authorization. Rogue APs pose a security threat because they are generally not configured to require users to authenticate themselves as a condition for enabling access to the network. Rather, a rogue AP is commonly configured to grant access to any and all devices within the radio proximity of the AP.
A goal of network administrators is to ensure that no rogue APs can access the network. One tactic that network administrators employ toward achieving this goal is to attempt to detect rogue APs and disable any that are detected. A common method for disabling rogue APs involves the network transmitting a multiplicity of deauthentication packets. Client devices are generally configured to respond to a deauthentication packet by dissociating from the AP. One problem with this method is that it floods the radio spectrum and reduces the overall bandwidth of the medium, severely hampering data throughput for authorized users using authorized APs on the same radio frequency. Also, as standards evolve, it is anticipated that future standards will not support this method. It would be desirable to provide an improved method and system for detecting and disabling rogue APs.