Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WLC Deauthentication flood attack

I would like to know what actions can take a Wireless Lan Controller when one of the register Access Points receives an Authentication, Deauthentication or a Disassociation Flood Attack.

Also i would like to know what can be the best practices to mitigate these attacks.

Thanks a lot.

Everyone's tags (4)

WLC Deauthentication flood attack

Refer you to Rogue Management, Attack Detection and Threat Mitigation document.

WLC Deauthentication flood attack

The most important thing is to locate the attacker and isolate it.

The attack can be intentional (by an attacker) or unintentional (by problematic WLAN driver or by neighbor rogue WLAN system).


By finding the attack source you decide what will you do:

- if problematic driver fix it or otherwise isolate it.

- if neighbor rogue WLANs contact their admin and ask them to add your WLAN as friendly one.

- if an attacker you decide what you will do. You may call 911


To help locating the attack sources, Cisco provides Mobility Service Engine (MSE):


Hope this is useful.




Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
CreatePlease to create content