WCS issue

Unanswered Question
Apr 13th, 2009

I have an issue with a WCS log. I am receiving a MFP anomaly detected-1 Invalid sequence number message in my WCS and a coupple of radio interfaces of APs are constantly going down and up.

Could someone give an explanation for this issue.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
runningboy01 Mon, 04/13/2009 - 11:54

I've seen the "MFP anomaly detected" before but never really researched it.

As for your interfaces of the APs going up and down, do you have RLDP (Rogue Location Discovery Protocal) turned on? If so, I believe that is why your interfaces are going up and down. If they are only going up and down for a brief milisecond that is likely why, I believe.

ariel.aguirre Mon, 04/13/2009 - 12:12

Yes, my radios interfaces are going up and down for a brief milisecond and it didn't happen in the past, this issue is recently.

dbentley Tue, 04/14/2009 - 11:20

The controller may generate "MFP Anomaly Detected" alarms, which are reported as 'Invalid MIC' events. The alarms may originate from many different valid APs.

This condition does not affect the operation of the access points. These messages can be normal in the course of AP operation,etc. and Cisco typically recommends that MFP be disabled so that it does not cause client issues since this is especially seen with older clients(or clients not having the most up to date drivers).

A workaround would be to disable and then re-enable the access points identified in the messages, or you can try and disable MFP validation on some of the APs, or disable Infrastructure MFP globally.

This can be done from the WLC GUI at Security->Wireless Protection Policies>AP Authentication/MFP, or by using the WLC CLI command: config wps mfp infrastructure disable

mkluemper Wed, 04/15/2009 - 07:42

I'm curious - you stated "and Cisco typically recommends that MFP be disabled" - where did you get that information? My understanding was that MFP should be enabled, and optional for the clients. currently running 5.2.178.0 at this particular customer.

dbentley Wed, 04/15/2009 - 08:25

That was given to me directly from TAC. We are running 4.2.130 and 4.2.176 special.

Actions

This Discussion