Neighborhood networks
The Neighborhood networks tab shows every network within the range of the selected site's access points, including networks that Sophos Central doesn't manage. Every access point scans for neighborhood SSIDs once during the startup process, such as when you restart an access point or install a new firmware update. If you turn on dynamic background channel selection, access points scan for neighborhood SSIDs regularly.
To show neighborhood SSIDs, go to My Products > Wireless > APX Settings and turn on Rogue Access Point detection.
You can filter the scanned networks to show All, Rogue, Trusted, Untrusted, Advanced Impersonate, Evil Twin, BSSID Impersonate, SSID Impersonate, or Adhoc.
Scan
Click Scan to scan all online networks in the supported channels of an access point. During a scan, devices connected to the network will experience network interruption for three to five minutes.
Scanning and classification take place on the individual access points when the scan is triggered. The results shown in Sophos Central are current as of the most recent scan. We recommend you perform scans regularly to identify and classify new SSIDs.
Tip
For AP6 access points, you can also see the results of a scan in the local UI. See Wireless monitor.
You can see the following information about all detected networks:
- Classification: The default classification of the network. You can choose a custom classification. See Classification.
- Name: The SSID of the network.
- BSSID: The MAC address of the access point broadcasting the network.
- Channel: The channel the network is broadcasting on.
- Band: The frequency band the network is broadcasting on.
- RSSI: The estimated strength of the wireless signal at the access point.
- First seen: The last time an access point detected the network.
- Last seen: The time since an access point detected the network.
Classification
Classification lets you identify which SSIDs are safe and which may be threats. Classifications have no impact on normal wireless operation. For example, if two AP6 access points at the same site broadcast the same SSID, they can label each other as SSID Impersonate. Wireless devices can still connect to these SSIDs and roam between the access points. You must manually set them to Trusted.
Select a network and click Select classification to customize or mark that network. Select from the following classifications:
- Trusted: A network that belongs to your Sophos Central account. Sophos Central knows which SSIDs belong to a site but can't tell if SSIDs can be trusted. You must manually classify SSIDs as Trusted.
- Untrusted: A network that doesn't belong to your Sophos Central account. Untrusted networks usually aren't malicious, but they may cause interference.
- Rogue: An untrusted network connected to your secured wired access point network.
- SSID Impersonate: A network that spoofs the network name of your access point.
- BSSID Impersonate: A network that spoofs the hardware address of your access point.
- Evil Twin: A network that spoofs the network name and the hardware address of your access point.
- Advanced Impersonate: A network that spoofs your access point's network name and unique protection code.
- Adhoc: A peer-to-peer network.
Select a network and click Clear Custom Classification to clear or undo a custom classification.
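The following sketch is an added example, not Sophos code. It applies the definitions above to a constructed scan from one access point's point of view and shows why a second access point on the same site appears as SSID Impersonate until you mark it Trusted. The Beacon model, the function names, the sample addresses and the rule order are assumptions; Rogue and Advanced Impersonate are left out because they need information beyond the SSID and BSSID that this sketch models.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    """One row of a neighborhood scan (constructed model, not a Sophos type)."""
    ssid: str
    bssid: str            # MAC address of the radio broadcasting the network
    adhoc: bool = False   # True for a peer-to-peer network

def classify(beacon, own_ssids, own_bssids, custom=None):
    """Label a scanned network from one access point's point of view.

    own_ssids / own_bssids: what the scanning access point itself broadcasts.
    custom: {(ssid, bssid): label} manual classifications; these always win.
    """
    key = (beacon.ssid, beacon.bssid.lower())
    if custom and key in custom:
        return custom[key]
    same_name = beacon.ssid in own_ssids
    same_mac = key[1] in {b.lower() for b in own_bssids}
    if same_name and same_mac:
        return "Evil Twin"          # spoofs both name and hardware address
    if same_name:
        return "SSID Impersonate"   # spoofs the network name only
    if same_mac:
        return "BSSID Impersonate"  # spoofs the hardware address only
    # Assumption: ad hoc is checked only when no impersonation rule matched.
    return "Adhoc" if beacon.adhoc else "Untrusted"

def scan_report(beacons, own_ssids, own_bssids, custom=None):
    """Return (ssid, bssid, classification) for every scanned network."""
    return [(b.ssid, b.bssid, classify(b, own_ssids, own_bssids, custom))
            for b in beacons]

# Constructed scan as seen by AP-1, which broadcasts "Corp" on 02:00:00:00:00:01.
AP1_SSIDS, AP1_BSSIDS = {"Corp"}, {"02:00:00:00:00:01"}
SCAN = [
    Beacon("Corp", "02:00:00:00:00:02"),   # AP-2, same site, same SSID
    Beacon("Corp", "02:00:00:00:00:01"),   # AP-1's own name and address, heard over the air
    Beacon("Cafe", "02:00:00:00:00:01"),   # AP-1's address under a different name
    Beacon("Cafe-Guest", "02:00:00:00:00:aa"),
    Beacon("printer-direct", "02:00:00:00:00:bb", adhoc=True),
]

if __name__ == "__main__":
    for row in scan_report(SCAN, AP1_SSIDS, AP1_BSSIDS):
        print(row)
    trusted = {("Corp", "02:00:00:00:00:02"): "Trusted"}  # manual override for AP-2
    print(scan_report(SCAN, AP1_SSIDS, AP1_BSSIDS, trusted)[0])
```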