Impersonation of AP issue

Answered Question
Jul 22nd, 2009
User Badges:

Hi,


i have a WISM with release 6.0 and 150 AP connected all in the same RRM. In the TrapLog I see a lot of |"Impersonation of AP......" messages. This issue is between AP connected to the same WISM and in he same RRM.

Any idea?

Regards

Giovanni

An

Correct Answer by Roman Rodichev about 7 years 9 months ago

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)


Regards,

Roman

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Roman Rodichev Wed, 07/22/2009 - 05:44
User Badges:
  • Gold, 750 points or more

Do you have "Validate SSID" checked under WLC > Security > Wireless Protection Services > Trusted AP Policies?

gbressanin Wed, 07/22/2009 - 07:26
User Badges:

In my WISM with revision 6.0 installed I don't find the "Trusted AP Policies" under "Wireless Protection Services".

I attach the copy of the security web page.


Bye

Giovanni



Attachment: 
Roman Rodichev Wed, 07/22/2009 - 11:42
User Badges:
  • Gold, 750 points or more

Is this happening for one specific AP or for many of them?

Correct Answer
Roman Rodichev Wed, 07/22/2009 - 22:36
User Badges:
  • Gold, 750 points or more

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)


Regards,

Roman

gbressanin Thu, 07/23/2009 - 06:20
User Badges:

Hi Roman,


thank you, it was the " AP Authentication Policy" configured as "AP Authentication that generate the error messages. Now I set the Protection Type to " Management Frame Protection" and I not get any error messages.


Thank you again.

Regards

Giovanni

Roman Rodichev Thu, 07/23/2009 - 12:59
User Badges:
  • Gold, 750 points or more

Giovanni,


Interesting, that means:

1. Your two controllers don't have matching RF Group names. Double-check.

2. or you could be running into a bug


MFP is definitely a better option :)


Regards,

Roman

gbressanin Fri, 08/07/2009 - 03:22
User Badges:

Hi Roman,


sorry for the late but I'm in vacation. I read now the answer at the case that I opened to the TAC about this issue.


From the case notes which you have added, I can see that you are affected by the bug:

CSCsi18369

AP Auth: Known rogues are reported as impersonation alerts

Symptom:

If AP authentication is enabled, the controller will report the entries in the known AP MAC address

list, as impersonation alerts.


Workaround:

Use MFP or disable AP Authentication



Regards

Giovanni




Actions

This Discussion

 

 

Trending Topics - Security & Network