The unauthorized (or rogue) AP 50 can be an identical or similar device to the (authorized) AP 101. The characterization as unauthorized refers to whether or not APs have permission to join a network or communication with a particular station. For example, an employee of a company can bring a personal AP from home and connect it to the wired network backbone to provide better coverage area or strength to a local area network. Also, a data thief can set up a covert access point in a parking lot of a company. In still another example, the unauthorized AP 50 may be friendly to the network, but has not yet completed its own authentication or association in a satisfactory manner because of many reasons. Additionally, an authorized AP can be manually deauthorized by a network administrator or automatically deauthorized due to abnormal behavior (e.g., high network usage).

In some embodiments, the AP 101 prevents initial connections with the unauthorized AP from the station 102 using spoofed management frames, such as responses to probe requests. The requests include a channel switch announcement to cut off further communications to the unauthorized AP. The AP 101, as an authorized member of the wireless network, can then intervene and initiate a connection with the station 102.