Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDS Signature attack detected

Hi,

We are getting a lot of entries of this error in the system log of our WLC (5508 7.4.100.0)

 

IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP.FLO, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: A3:D3:B6:F0:34:7B

 

 

There is any workarround about this?

 

Thanks

Everyone's tags (3)
4 REPLIES

Hi,You receivng those because

Hi,

You receivng those because the mentioned source MAC is trying to send 802.11 authentication request frames so many times. That is usually means either bad RF, too many clients or bad client supplicant/driver. In some situation it can be a planned DoS attack.

You have to find the source MAC, isolate the root cause and fix it.

 

HTH

 

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Thanks Amjad,Also we are have

Thanks Amjad,

Also we are have some clients that are unable to connect to our APs and get authentication errors in her laptops. We are using WPA/WPA2 / PSK authententication but we get the following error:

Client Excluded: MACAddress:f8:f1:eb:dd:c9:cd Base Radio MAC :08:ad:9f:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4

 

Do you have any idea of what could be the problem?

 

Thabks

Cisco Employee

psk can be incorrect or it

psk can be incorrect or it could not handle the combination of wpa and wpa2 enabled. try with wpa2 only.

Cisco Employee

are reported on this client

are reported on this client only or other client with similar model/type/config/driver also affected. if so try updating the driver. another workaround on wlc is, adjust the timer/hit limit.

1434
Views
0
Helpful
4
Replies