https://community.cisco.com/t5/wireless/wcs-error/m-p/2445494#M23121 <P>&nbsp;</P><P>Have you thought about the following:</P><P>&nbsp;</P><P>- Check with TAC that your version of Controller software does not have a bug know to cause this, some do.</P><P>- Once a bug is ruled out, treat this like a genuine attack, and use rssi to detect the rogue AP sending these deauth messages. This shouldn't be too hard if you can see this on multiple APs.</P> Wed, 26 Mar 2014 11:40:35 GMT luckymike33 2014-03-26T11:40:35Z https://community.cisco.com/t5/wireless/wcs-error/m-p/2445493#M23120 <P>Hai,</P><P>We have deployed 5508 WLC along with 3502 AP's, from wcs plus i am receiving the following error. Can anyone help me out what to do in this situation.</P><P>&nbsp;</P><P>IDS 'Deauth flood' Signature attack detected on AP &lt;AP NAME &gt;' protocol '802.11b/g' on Controller &lt; IP ADDRESS&gt;. The Signature description is 'Deauthentication flood', with precedence '9'. The attacker's mac address is &lt;MAC ADDRESS &gt;, channel number is '6', and the number of detections is '300'.</P><P>&nbsp;</P><P>Regards,</P><P>Muhammad Noman</P><P>&nbsp;</P> Mon, 05 Jul 2021 07:32:53 GMT https://community.cisco.com/t5/wireless/wcs-error/m-p/2445493#M23120 Muhammad Noman 2021-07-05T07:32:53Z https://community.cisco.com/t5/wireless/wcs-error/m-p/2445494#M23121 <P>&nbsp;</P><P>Have you thought about the following:</P><P>&nbsp;</P><P>- Check with TAC that your version of Controller software does not have a bug know to cause this, some do.</P><P>- Once a bug is ruled out, treat this like a genuine attack, and use rssi to detect the rogue AP sending these deauth messages. This shouldn't be too hard if you can see this on multiple APs.</P> Wed, 26 Mar 2014 11:40:35 GMT https://community.cisco.com/t5/wireless/wcs-error/m-p/2445494#M23121 luckymike33 2014-03-26T11:40:35Z