Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WCS Error

Hai,

We have deployed 5508 WLC along with 3502 AP's, from wcs plus i am receiving the following error. Can anyone help me out what to do in this situation.

 

IDS 'Deauth flood' Signature attack detected on AP <AP NAME >' protocol '802.11b/g' on Controller < IP ADDRESS>. The Signature description is 'Deauthentication flood', with precedence '9'. The attacker's mac address is <MAC ADDRESS >, channel number is '6', and the number of detections is '300'.

 

Regards,

Muhammad Noman

 

1 REPLY
Bronze

 Have you thought about the

 

Have you thought about the following:

 

- Check with TAC that your version of Controller software does not have a bug know to cause this, some do.

- Once a bug is ruled out, treat this like a genuine attack, and use rssi to detect the rogue AP sending these deauth messages. This shouldn't be too hard if you can see this on multiple APs.

36
Views
0
Helpful
1
Replies