Hi, I've recently installed a WLC 4402 and about 19 1242AG APs. The wireless clients accessing the network are all Symbol MC-9090 handheld scanners. Several times a day I get the following alert in the WLC Log, followed by a cleared message about 10 minutes later:
"IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: VINTower02, Radio Type: 802.11b/g, Preced: 5, Hits: 50, Channel: 11, srcMac: 00:1E:7A:18:C8:B0 "
The AP name and MAC changes, and usually 4 or 5 of our APs send this message all at once. The MAC addresses being listed are the Symbol scanners and other APs in the general area of the detecting AP. The scanners are accessing an SAP application via HTTP.
What is causing these messages, and how do I adjust the WLC to not think these scanners/APs are trying to attack the network?