WCS reports Deauth Attack but not destined for our network
So our WCS has been reporting Deauth floods (not bcast deauth) for a while. I attended the location and found that the source of the attack was a known rouge AP and then destination was apple laptop client.
In essense, nothing to do with our infrastructure, it looks like a rouge ap (or AP on another network) containing a particular client.
Why does the WCS pick this up as a deauth flood as it is not destined for one of our APs?
Can I stop the WCS from reporting this? Ie, configure the WCS to only report deauth floods that are directed at our APs?
Is this normal behaviour due to the fact that wireless is csma/ca?
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...