Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
663
Views
0
Helpful
1
Replies

worried about one AP recieving large NAV fields for weeks ?

meggerman
Level 1
Level 1

‎04-02-2009 03:56 AM - edited ‎07-03-2021 05:24 PM

Hi,

I have lan controllers and cisco WCS. One ap is recieving this message..

The AP '00:**:**:**:**:**' with protocol '802.11b/g' on Controller '**.***.***.**' received a message with a large NAV field. This is most likely a malicious denial of service attack.

(removed the numbers replaced with *)

now there are 4 pages of the same instance on this one AP.

I dont have any more information.. i.e it does not tell me on WCS what the mac is of the machine doing this (if there is one) nor does it tell me on the lan controllers.

how do i detect this problem and identify

many thanks

Megz

Labels:
0 Helpful
1 Reply 1

dennischolmes
Level 7
Level 7

‎04-02-2009 06:24 AM

I would first verify that the actual signal exists. If you have access to Airmagnet WiFi Analyzer you will get all the information you need and have the ability to locate the device doing this. If not, contract a good Cisco wireless partner that does have this or a similar application to verify the actual existence of the problem. It could be a code bug but I haven't seen it myself and I don't see any info in the bug tool pertaining to it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card