08-10-2007 09:42 AM - edited 07-03-2021 02:28 PM
We see many AP Impersonation alarms from WCS 4.1.83:
AP Impersonation of MAC '00:17:0f:xx:xx:xx' using source MAC '00:e0:98:xx:xx:xx' is detected by authenticated AP '00:17:0f:xx:xx:xx' on '802.11a' radio and Slot ID '0'.
Any ideas about this alarm? I have checked the source MACs in the alarm message are some client MACs.
Thanks,
Zhenning
Solved! Go to Solution.
08-11-2007 09:21 AM
Hi Zhenning,
These seem to be strictly bug related. Have a look;
CSCsb90622 AP impersonation alarms flooding the WCS
CSCsg01470 Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. Format of the alarm message needs to be changed.
CSCsj50060 WCS use display wrong radio in AP Impersonation alarms. (shows 802.11a radio, even if 802.11a radio is off)
CSCsg44344 Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. WCS currently only shows: AP Impersonation with MAC '00:14:1b:62:4e:42' is detected by authenticated AP '00:14:1b:62:4e:40' on '802.11b/g' radio and Slot ID '0'.
These bugs have been nicely documented by John in threads that date back a fair bit;
Hope this helps!
Rob
08-11-2007 09:21 AM
Hi Zhenning,
These seem to be strictly bug related. Have a look;
CSCsb90622 AP impersonation alarms flooding the WCS
CSCsg01470 Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. Format of the alarm message needs to be changed.
CSCsj50060 WCS use display wrong radio in AP Impersonation alarms. (shows 802.11a radio, even if 802.11a radio is off)
CSCsg44344 Add source address to AP-IMPERSONATION Trap. AP impersonation traps don't include the source MAC address. WCS currently only shows: AP Impersonation with MAC '00:14:1b:62:4e:42' is detected by authenticated AP '00:14:1b:62:4e:40' on '802.11b/g' radio and Slot ID '0'.
These bugs have been nicely documented by John in threads that date back a fair bit;
Hope this helps!
Rob
08-11-2007 10:48 AM
I think we are hitting the bug CSCsj50060. Thanks Rob!
Zhenning
08-13-2007 04:35 AM
Hi Zhenning,
You are always welcome :) As I noted, John has done some really nice legwork and written up some excellent posts on this subject. It is great to see so many great people participating here!
Take care,
Rob
05-28-2015 01:26 AM
Hi,
Check the similar query on the below link.
https://supportforums.cisco.com/discussion/12486461/ap-impersonation-alarm#comment-10532971
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: