Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1541
Views
0
Helpful
8
Replies

Impersonation of AP issue

Go to solution
gbressanin
Level 1
Level 1

‎07-22-2009 02:03 AM - edited ‎07-03-2021 05:51 PM

Hi,

i have a WISM with release 6.0 and 150 AP connected all in the same RRM. In the TrapLog I see a lot of |"Impersonation of AP......" messages. This issue is between AP connected to the same WISM and in he same RRM.

Any idea?

Regards

Giovanni

An

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Roman Rodichev
Level 7
Level 7
In response to gbressanin

‎07-22-2009 10:36 PM

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)

Regards,

Roman

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Roman Rodichev
Level 7
Level 7

‎07-22-2009 05:44 AM

Do you have "Validate SSID" checked under WLC > Security > Wireless Protection Services > Trusted AP Policies?

0 Helpful

Go to solution
gbressanin
Level 1
Level 1
In response to Roman Rodichev

‎07-22-2009 07:26 AM

In my WISM with revision 6.0 installed I don't find the "Trusted AP Policies" under "Wireless Protection Services".

I attach the copy of the security web page.

Bye

Giovanni

Preview file
157 KB
0 Helpful

Go to solution
Roman Rodichev
Level 7
Level 7
In response to gbressanin

‎07-22-2009 11:42 AM

Is this happening for one specific AP or for many of them?

0 Helpful

Go to solution
gbressanin
Level 1
Level 1
In response to Roman Rodichev

‎07-22-2009 10:23 PM

For many of them.

0 Helpful

Go to solution
Roman Rodichev
Level 7
Level 7
In response to gbressanin

‎07-22-2009 10:36 PM

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)

Regards,

Roman

0 Helpful

Go to solution
gbressanin
Level 1
Level 1
In response to Roman Rodichev

‎07-23-2009 06:20 AM

Hi Roman,

thank you, it was the " AP Authentication Policy" configured as "AP Authentication that generate the error messages. Now I set the Protection Type to " Management Frame Protection" and I not get any error messages.

Thank you again.

Regards

Giovanni

0 Helpful

Go to solution
Roman Rodichev
Level 7
Level 7
In response to gbressanin

‎07-23-2009 12:59 PM

Giovanni,

Interesting, that means:

1. Your two controllers don't have matching RF Group names. Double-check.

2. or you could be running into a bug

MFP is definitely a better option :)

Regards,

Roman

0 Helpful

Go to solution
gbressanin
Level 1
Level 1
In response to Roman Rodichev

‎08-07-2009 03:22 AM

Hi Roman,

sorry for the late but I'm in vacation. I read now the answer at the case that I opened to the TAC about this issue.

From the case notes which you have added, I can see that you are affected by the bug:

CSCsi18369

AP Auth: Known rogues are reported as impersonation alerts

Symptom:

If AP authentication is enabled, the controller will report the entries in the known AP MAC address

list, as impersonation alerts.

Workaround:

Use MFP or disable AP Authentication

Regards

Giovanni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card