Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Deauthentication flood message

Is frecuently find in the enterprise WCS the following message

"IDS 'Deauth flood' Signature attack detected on AP 'XXXXXXX'protocol '802.11b/g' on Controller 'x.x.x.x'.

The Signature description is 'Deauthentication flood', with precedence '9'.

The attacker's mac address is 'xx:xx:xx:xx:xx:xx', channel number is '1', and the number of detections is '300'"

For security prouposes I changed the IP and MAC addresses.

The MAC address shown in the message is a Base Radio MAC from an AP controlled by the same WLC, which is sending the warning.

I read about a bug with a similar message but it's solved in the version 4.0.217.0 but this WLC has the 5.1.151.0 version and it's not shown in the release notes or bug toolkit.

Anybody can help me ? !

1 REPLY

Re: Deauthentication flood message

Code releases are in parallel, so version 4.2.x.x may have fixes that 5.1.x.x does not. Go with a code base that was released late last year or early this year.

We were at 4.2.130.0 and recently upgraded to 4.2.176.0. The messages greatly decreased after that. If you want to stick with 5.1 code, then you may want to consider upgrading to 5.1.163.0, which was released in February of this year.

1272
Views
0
Helpful
1
Replies
CreatePlease login to create content