Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Impersonation of AP issue

Hi,

i have a WISM with release 6.0 and 150 AP connected all in the same RRM. In the TrapLog I see a lot of |"Impersonation of AP......" messages. This issue is between AP connected to the same WISM and in he same RRM.

Any idea?

Regards

Giovanni

An

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Impersonation of AP issue

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)

Regards,

Roman

8 REPLIES

Re: Impersonation of AP issue

Do you have "Validate SSID" checked under WLC > Security > Wireless Protection Services > Trusted AP Policies?

New Member

Re: Impersonation of AP issue

In my WISM with revision 6.0 installed I don't find the "Trusted AP Policies" under "Wireless Protection Services".

I attach the copy of the security web page.

Bye

Giovanni

Re: Impersonation of AP issue

Is this happening for one specific AP or for many of them?

New Member

Re: Impersonation of AP issue

For many of them.

Re: Impersonation of AP issue

Do you have "AP Authentication" enabled under Security>WPS>APAuth/MFP ? If you do, try disabling it (on both controllers)

Regards,

Roman

New Member

Re: Impersonation of AP issue

Hi Roman,

thank you, it was the " AP Authentication Policy" configured as "AP Authentication that generate the error messages. Now I set the Protection Type to " Management Frame Protection" and I not get any error messages.

Thank you again.

Regards

Giovanni

Re: Impersonation of AP issue

Giovanni,

Interesting, that means:

1. Your two controllers don't have matching RF Group names. Double-check.

2. or you could be running into a bug

MFP is definitely a better option :)

Regards,

Roman

New Member

Re: Impersonation of AP issue

Hi Roman,

sorry for the late but I'm in vacation. I read now the answer at the case that I opened to the TAC about this issue.

From the case notes which you have added, I can see that you are affected by the bug:

CSCsi18369

AP Auth: Known rogues are reported as impersonation alerts

Symptom:

If AP authentication is enabled, the controller will report the entries in the known AP MAC address

list, as impersonation alerts.

Workaround:

Use MFP or disable AP Authentication

Regards

Giovanni

429
Views
0
Helpful
8
Replies