Not sure the specific implementation. But I've heard of Rouge AP detection done in two ways. 1. Associate to the "Rouge" ap. Send a packet, See if it appears on your network, Shut the port off it appeared from. I think this is the cisco way? Not sure. This is automated of course. This method wouldn't work in this case. Because it wasn't connected to the hotels network 2. Your AP's detect the "Rouge" AP, They slam out a ton of "Deauth's" directed at the clients, As if they are the AP. Effectively telling the client to "disconnect". Side question for those smarter than I. How does WPA encryption play into this? Would a client associated to a WPA2 AP take a non-encrypted deauth appearing from the same BSSID? Nick Olsen Network Operations (855) FLSPEED x106 ---------------------------------------- From: "David Hubbard" <dhubbard@dino.hostasaurus.com> Sent: Friday, October 03, 2014 4:11 PM To: "NANOG" <nanog@nanog.org> Subject: Marriott wifi blocking Saw this article: http://www.cnn.com/2014/10/03/travel/marriott-fcc-wi-fi-fine/ The interesting part: 'A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.' I'm aware of how the illegal wifi blocking devices work, but any idea what legal hardware they were using to effectively keep their own wifi available but render everyone else's inaccessible? David