Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDS Signature attack detected


We are getting a lot of entries of this error in the system log of our WLC (5508


IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP.FLO, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: A3:D3:B6:F0:34:7B



There is any workarround about this?



Everyone's tags (3)

Hi,You receivng those because


You receivng those because the mentioned source MAC is trying to send 802.11 authentication request frames so many times. That is usually means either bad RF, too many clients or bad client supplicant/driver. In some situation it can be a planned DoS attack.

You have to find the source MAC, isolate the root cause and fix it.





Rating useful replies is more useful than saying "Thank you"
New Member

Thanks Amjad,Also we are have

Thanks Amjad,

Also we are have some clients that are unable to connect to our APs and get authentication errors in her laptops. We are using WPA/WPA2 / PSK authententication but we get the following error:

Client Excluded: MACAddress:f8:f1:eb:dd:c9:cd Base Radio MAC :08:ad:9f:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4


Do you have any idea of what could be the problem?



Cisco Employee

psk can be incorrect or it

psk can be incorrect or it could not handle the combination of wpa and wpa2 enabled. try with wpa2 only.

Cisco Employee

are reported on this client

are reported on this client only or other client with similar model/type/config/driver also affected. if so try updating the driver. another workaround on wlc is, adjust the timer/hit limit.