(Sorry for bad English)
Hello,
We have a WLC 5508 with system version 8.5.151.0. On that WLC we have 3 types of AP associated:
- Access point 1532
- Access point 2602
- Access point 2802
Last week all of the 2802s lost their association with the WLC, and it was impossible to re-associate those APs... As a temporary solution we moved all of the 2802s to our Main WLC, which is located in another country, which is not the best practice.
Note that the 1532 and 2602 APs don't have any issues and are still associated with the WLC; we didn't make any change or update on the WLC.
Now when we try to force the association with the WLC, they automatically re-associate with the Main WLC...
Am I missing something here? Did you guys experience something similar?
For a few weeks we have been applying a patch management process on our Cisco devices. The idea is to generate a monthly PSIRT report on Cisco Prime. If there are vulnerable devices, then we deploy the new firmware through Cisco Prime.
My problem is the semi-annual vulnerability list published by Cisco last week: https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-63410
When generating the Cisco Prime report, I expected to see a lot of vulnerable devices, but that is not the case. It seems that the Cisco Prime PSIRT definitions are not up to date.
Questions:
* Does anybody have any clue about the usual delay between the vulnerability publication and the update of the PSIRT report on Cisco Prime?
* Given a specific CVE, is there a way to see on Cisco Prime whether the CVE is checked in the PSIRT report, and which devices are not patched specifically for this CVE?
Hello,
I am having trouble setting up threshold alerting.
Let's say I want to generate events only if I get an abnormal number of HTTP requests coming from outside to a specific HTTP server.
Test 1 :
I create the appropriate rules; generate events but don't configure any "threshold" rules. => I get hundreds of intrusion events each second.
Test 2 :
On the same rules, I add threshold rules (see picture). I expect to get 1 intrusion event for every 30 rule matches within 10 seconds. But I got nothing:
0 alerts... I tried to decrease the threshold; I tried to use the "limit" and "threshold" options instead of "both". But the result is the same.
Can anybody help me ?