Own APs as Honeypot?!

Answered Question
Mar 23rd, 2009
User Badges:

Hello Group,


my newly deployed Wireless has some little quirks. One of them is that APs on the same Controller (AP 1250 and WiSM) detect each other as honeypot - sending a trap, but than it is nowhere in the rogues (it shouldn't, so this is good) - but the trap is sent. This is very annoying.


Potential Honeypot AP detected from Rogue MAC : 00:24:14:31:d9:1f on Base Radio MAC : 00:24:14:31:d7:20 Interface no:1(802.11a) with SSID: ssid


both APs are on the same controller, the detectet AP has another base radio mac of course, but this mac belongs to it on one SSID.


Is this a Bug or something misconfigured?


Edit to add: oh, right, I'm running 5.2.157.0

Correct Answer by Leo Laohoo about 8 years 3 months ago

Hi Stefan,

1. This is a bug since the early 4.x days.


2. It's mostly cause/aggravated with the fact that the "honeypot" AP is located too close to the other AP. You can try to relocate the AP somewhere else or modify the settings for the Radio Resource Management.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Leo Laohoo Mon, 03/23/2009 - 15:04
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hi Stefan,

1. This is a bug since the early 4.x days.


2. It's mostly cause/aggravated with the fact that the "honeypot" AP is located too close to the other AP. You can try to relocate the AP somewhere else or modify the settings for the Radio Resource Management.

Leo Laohoo Tue, 03/24/2009 - 14:05
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Thanks for the rating.

mbaez Fri, 04/10/2015 - 06:23
User Badges:

I have release 7.6 and got the same and WAP's are 70' away from each other and the are in the lower Tx Power option

Leo Laohoo Tue, 03/24/2009 - 17:22
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Bug ID: CSCsv78027


It should be fixed with the soon-to-be-released firmware 6.0(32.0).

artem_oliynyk Thu, 04/16/2009 - 07:40
User Badges:

Hi all,


we have same problem with the currently last version 5.2.178 (WiSM).


Thanks a lot.


Bye,

Artem


ssaluga Tue, 04/21/2009 - 17:53
User Badges:

Hello All,

We are having the same issues with 4404's running 5.2.178.


With WCS version 5.2.130 we are getting tons of "AP impersonation" errors also.


Thanks,

Scott Saluga

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode