WCS 4.1.91 bugs abound - Part 3


* IDS false alarms:


There are a variety of "Critical" wireless IDS alarms that have been listed in earlier threads that focus on AP Impersonation, Disassoc Flood, and Bcast deauth alarms that are not alarms, but are the result of bugs in the WLC code. In larger networks, this can result in floods of false alarms. Also, there is little or no documentation for appropriate values when attempting to adjust the IDS signature files, or for what the IDS errors mean. We have been dealing with ongoing false alarms going back to October 2006 and it is August 2007. Some of the IDS-related bugs:


CSCsh35010 IDS signature documentation needs added to WLC online help and cfg guide


CSCsb90622 AP impersonation alarms flooding the WCS


CSCsj06015 Prevent 'Bcast deauth' alerts for rogue containment by other WLC in MG


CSCsi18369 AP Auth: Known rogues are reported as impersonation alerts


CSCsj34219 D3 - client deauth events show up with client & ap mac interchanged


CSCsg01470: Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. Format of the alarm message needs to be changed.


CSCsj34219 D3 - client deauth events show up with client & ap mac interchanged


CSCsj50060 WCS use display wrong radio in AP Impersonation alarms. (shows 802.11a radio, even if 802.11a radio is off)


CSCsj27469,CSCsj01432,CSCsj34934 Malformed information not filled in correctly in Rogue AP alarm messages which show: {3} {4} instead of actual information.


CSCsj43197 WCS error message does not fill in variables in rogue message. WCS does not fill in variables in error message. Further Problem Description: When WCS reports this error message: Rogue AP '00:19:fd:xx:xx:xx' with SSID 'null' is detected by AP '0' Radio type '{3}' with RSSI '{4}' It does not fill in the variables in some instances.


CSCsj06015: Prevent 'Bcast deauth' alerts for rogue containment by other WLC in MG

Symptom: WLC erroneously detects its own containment messages as Bcast Deauth attacks. The alert is generated when an AP on another WLC (in the same or different mobility group) detects that the number of these frames exceeds the configured threshold.


CSCsg44344: (Duplicate of CSCsg01470?) Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. WCS currently only shows: AP Impersonation with MAC '00:14:1b:62:4e:42' is detected by authenticated AP '00:14:1b:62:4e:40' on '802.11b/g' radio and Slot ID '0'.


The following were supposed to be fixed in WCS 4.1.91, but the problem persists:

CSCsi71278 WCS does not show Rogue APs' SSIDs (or power level/RSSI)

CSCsi44610 CO: Some Clients' SSID show up as blank and some as n/a


================================================


* When upgrading the WCS, it creates new templates instead of reusing the existing ones. Since templates are the primary method of configuring multiple WLCs/WiSMs this can be extremely irritating.

CSCsi12492 phantom templates in WCS


================================================


* Other irritating GUI items are:

CSCsi94155 CO-MR:Item per page function does not work in Monitor->Clients page

If you generate a list of ALL alarms, or ALL access points, or ALL clients and then attempt to sort by a different column, the list goes back to 20 items per page.


================================================


As discussed, there are more open "caveats" discussed in the release notes, but the above list is what we have encountered both in house and at one or more of our customer sites. There are a number of bugs in this post that may not appear on the release notes.



Hopefully, this can help you decide if you are ready to move forward on an upgrade or at least what to expect.


- John


ericgarnel Tue, 08/07/2007 - 04:45

Thanks for the update on 4.1.91.0. I decided to stay on 4.1.83.0 for now as ours is stable and I am not experiencing any showstopper bugs.


SHANNON WYATT Wed, 08/29/2007 - 12:27

Hmmm, I believe that if you enable AAA authentication of the access points this will go away, at least most of them.
