cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
127
Views
0
Helpful
3
Replies
Highlighted

IDS Messages Prime - WLC

Hello together,

 

I´ve got in Cisco Prime some Security Messages  I can´t explain. Someone know something about that?

1:

IDS 'Deauth flood' Signature attack cleared
on AP 'XXX-APXX' protocol '802.11a' on
Controller '"Controller IP". The Signature
description is 'Deauthentication flood'. -
Device Name: Controller Name - Reporting
Address: Controller IP This Signature attack is
still detected by 1 APs.

2:

IDS 'Auth flood' Signature attack cleared on
AP 'AP' protocol '802.11a' on
Controller 'IP'. The Signature
description is 'Authentication Request
flood'. - Device Name: Controller -
Reporting Address: IP This Signature
attack is still detected by 1 APs.

3:

IDS 'Reassoc flood' Signature attack cleared
on AP 'AP' protocol '802.11a' on
Controller 'IP'. The Signature
description is 'Reassociation Request
flood'. - Device Name: Controller -
Reporting Address: IP This Signature
attack is still detected by 1 APs.

4.

IDS 'EAPOL flood' Signature attack cleared
on AP 'AP' protocol '802.11a' on
Controller 'IP'. The Signature
description is 'EAPOL Flood Attack'. -
Device Name: Controller - Reporting
Address: IP This Signature attack is
still detected by 14 APs.

 

Thanks a lot. 

 

 

 

3 REPLIES 3
Highlighted
Hall of Fame Master

Re: IDS Messages Prime - WLC

Have you tried searching these alert? There are some threads and bugs on these depending on what equipment you have. If you want more description on the alerts, the configuration guide has that information.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-4/config-guide/b_cg84/wireless_intrusion_detection_system.html#ids-signatures
-Scott
*** Please rate helpful posts ***
Highlighted

Re: IDS Messages Prime - WLC

Hello Scott,

 

thanks for anwsering.

 

My searching had no results. I saw in the Guide the IDS Massage descriptions and so on. But i can´t find anything at the Controller (Security, Wireless Protection Policies->Signature Events Summary, its empty.)

WLC 3504 release 8.10.121.0.

Thanks

 

Highlighted
Hall of Fame Master

Re: IDS Messages Prime - WLC

All I can say is look at some IDS documentation on the controllers. If it doesn’t provide you with a good understanding, then I doubt you will find your answer documented anywhere. You are sending this to PI and you can also create custom signatures. So take a look at some documentation and go from there. Keep in mind, there might be bugs causing messages to get generated and you can also search that in the bug tool or just a general web search.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-4/config-guide/b_cg84/wireless_intrusion_detection_system.html#ids-signatures
-Scott
*** Please rate helpful posts ***
CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey