We have several WLCs (mostly 4402s) at several remote sites. A number of them have been showing the same strange messages? They seem to be functional for the most part. Are these cause to be alarmed? How would I go about tracking down the cause of these? I'm especially interested in the first one...it's the one that started me looking into this.
From 'Show Log' on switch to which WLC is connected:
Nov 4 12:34:58.049: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 2 times)Packet received with invalid source MAC address (3B:95:45:6B:00:1E) on port Gi1/1 in vlan 1
Decrypt errors occurred for client 00:13:e8:81:1a:a1 using WPA key on 802.11b/g interface of AP 00:1d:71:e2:a6:40
Radar signals have been detected on channel 116 by 802.11a radio with MAC: 00:1d:71:e2:a6:40 and slot 1
Channel changed for Base Radio MAC: 00:21:d8:92:7e:e0 on 802.11b/g radio. Old Channel: 1. New Channel: 11. Why: Interference. Energy before/after change: -54/-82. Noise before/after change: -82/-82. Interference before/after change: -54/-118
IDS Signature attack detected. Signature Type: Standard, Name: NULL probe resp 1, Description: NULL Probe Response - Zero length SSID element, Track: per-Mac, Detecting AP Name: 12-c11-ap8M, Radio Type: 802.11b/g, Preced: 2, Hits: 1, Channel: 11, srcMac: 00:17:FA:04:2D:CD