Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1930
Views
0
Helpful
1
Replies

Deauthentication flood message

mmartinez
Level 1
Level 1

‎04-29-2009 02:05 PM - edited ‎07-03-2021 05:31 PM

Is frecuently find in the enterprise WCS the following message

"IDS 'Deauth flood' Signature attack detected on AP 'XXXXXXX'protocol '802.11b/g' on Controller 'x.x.x.x'.

The Signature description is 'Deauthentication flood', with precedence '9'.

The attacker's mac address is 'xx:xx:xx:xx:xx:xx', channel number is '1', and the number of detections is '300'"

For security prouposes I changed the IP and MAC addresses.

The MAC address shown in the message is a Base Radio MAC from an AP controlled by the same WLC, which is sending the warning.

I read about a bug with a similar message but it's solved in the version 4.0.217.0 but this WLC has the 5.1.151.0 version and it's not shown in the release notes or bug toolkit.

Anybody can help me ? !

Labels:
0 Helpful
1 Reply 1

Robert.N.Barrett_2
Level 4
Level 4

‎04-29-2009 03:50 PM

Code releases are in parallel, so version 4.2.x.x may have fixes that 5.1.x.x does not. Go with a code base that was released late last year or early this year.

We were at 4.2.130.0 and recently upgraded to 4.2.176.0. The messages greatly decreased after that. If you want to stick with 5.1 code, then you may want to consider upgrading to 5.1.163.0, which was released in February of this year.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card