Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WCS Alarms

Hi ,

Iam getting continueous alarm message on my WCS Server..

The messeges are "  IDS 'NetStumbler generic' Signature attack cleared on AP " and " AP Impersonation " both are says critical alarms.

Please help me on how to resolve this alarms to stop generating.

Thanks & Regds,

Lalit

2 REPLIES
New Member

Re: WCS Alarms

Hi Lalit,

Which version of WLC do you have? those messages appears in all of your ap's or only in some ones?

Best Regards,

Milton Tizoc.

Cisco Employee

Re: WCS Alarms

Hello,

Do a search in this document for netstumbler for an explanation of the IDS signature causing this alarm:

http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5sol.html

The AP impersonation alarm is triggered by an snmp trap sent by the WLC. The trap sent is:


bsnAPImpersonationDetected.

This happens when a radio of an authenticated access point has heard from another
access point whose MAC address neither matches that of a rogue nor is it an authenticated
neighbor of the detecting access point.

On aggressive environments, a helpful feature is to enable access point authentication with
a threshold of 2. This enables you to detect possible AP impersonation and minimize false
positive detections.

This is how to configure it from the CLI of the Wireless Lan Controller (WLC):


config wps ap-authentication enable
config wps ap-authentication threshold 2


Finally, you can change the severity of the AP impersonation alarm in WCS from critical to
lower so you are not alerted. This can be done from Administration > Settings > Severity Configuration.

1046
Views
0
Helpful
2
Replies