Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
4
Helpful
5
Replies

Persistent, chronic, false alarms for the past eight months

johnruffing
Level 4
Level 4

‎03-02-2007 09:44 AM - edited ‎07-03-2021 01:43 PM

We now have two installations that utilize a unified wireless (WLC or WiSM - AIR-LAP1131AG, AIR-LAP1231G, AIR-LAP1242AG access points) that have been exhibiting the following IDS false alarms:

Disassoc Flood

AP Impersonation

We have TAC cases going back to October 2006 to address them and have upgraded to the latest/greatest version 4.0.206.0 in hopes of getting this solved.

Version 4.0.206.0 was supposed to have fixed these problems, and it did reduce some of the other false alarms (not listed). However, the two mentioned above persist.

Is anyone else out there experiencing this?

- John

Labels:
0 Helpful
5 Replies 5

Toivo
Level 1
Level 1

‎03-06-2007 08:21 AM

Yes. The controllers mistakenly treat APs as rogues and their rogue suppression as attacks. It's bug CSCse87066 (this was hidden from customer view until relatively recently.)

Note that the status says verified (and not resolved) despite also giving fixed-in releases. Just as you, we're still seeing the bug in 4.0.206.0 as well.

0 Helpful

kwonza
Level 1
Level 1

‎03-06-2007 10:10 AM

Boy I am glad someone is seeing this in the latest code. TAC stated that I upgrade but my SE requested not to. I am also seeing this alarm all the time and it's a pain. Please post when there is a permanent fix. Did v4.0.206.0 offer anything else worth upgrading to at this time?

0 Helpful

Toivo
Level 1
Level 1
In response to kwonza

‎03-06-2007 10:29 AM

The upgrade helped with some other assorted multicast and reporting bugs, so we did go ahead with it, and it didn't break anything new that we noticed. It didn't fix the bug it was supposed to either, but we didn't know that at the time. Overall we're still in a boat where we'll pretty much upgrade when a new version comes out, as it can't possibly be worse than the old versions.

Our account team had told us from the get go (and reiterated later last year) that the 4.x releases are bleeding edge feature releases and not recommended for production; the 3.x train was stable, but as we have a bunch of 1121-series APs we were forced to run 4.x.

0 Helpful

johnruffing
Level 4
Level 4
In response to Toivo

‎03-16-2007 01:27 PM

Thank you for confirming this behavior.

In answer to your question, upgrading to 4.0.206.0 did get rid of the "Generic Netstumbler" IDS alarm that turned out to be another false positive.

As it turns out, there have been comments from Cisco that now indicate that .206 has stability issues (nice to know that now). However, we have not experienced any of these issues at the two installations where this version is operating.

I also wanted to point out that we went ahead and opened TAC cases for each error at each customer site.

Currently, most of them have reached a status of "Release Pending". (Now as to *WHICH* release....)

If you have not opened a TAC case for these issues, taking the time to do so will help Cisco be aware of the extent to which this problem exists in the field and, hopefully, will help them prioritize the fix to this problem.

John

johnruffing
Level 4
Level 4
In response to johnruffing

‎03-16-2007 02:02 PM

I forgot to mention that TAC has tied two known bugs to the TAC cases that have been opened for the false "AP Impersonation" alarms:

CSCsg01470

CSCsb90622

http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl

- John

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card