We have deployed Wireless in a few offices as a proof of concept and we have started to get the following alarm at one site:
The AP '00:1f:ca:2e:59:a0' with protocol '802.11b/g' on Controller '#.#.##.#' received a message with a large NAV field and all traffic on the channel has been suspended. This is most likely a malicious denial of service attack.
The above is continually being reported on a couple (but not all) APs at this office.
In addition, do you have any info/comment on the following:
· Big NAV Attack detected.
· Auth/De-auth floods i.e. "IDS 'Auth flood' Signature attack detected".
· Assoc/Deassoc flood i.e. "IDS 'Assoc flood' Signature attack detected".
Transferring Crash file from standby:
Log in to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often.
Please feel ...
I have created a PowerShell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self-explanatory.
PowerShell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...