Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
1
Replies

WCS reports Deauth Attack but not destined for our network

kfarrington
Level 3
Level 3

‎06-17-2008 02:41 AM - edited ‎07-03-2021 04:01 PM

Hi all,

So our WCS has been reporting Deauth floods (not bcast deauth) for a while. I attended the location and found that the source of the attack was a known rouge AP and then destination was apple laptop client.

In essense, nothing to do with our infrastructure, it looks like a rouge ap (or AP on another network) containing a particular client.

Why does the WCS pick this up as a deauth flood as it is not destined for one of our APs?

Can I stop the WCS from reporting this? Ie, configure the WCS to only report deauth floods that are directed at our APs?

Is this normal behaviour due to the fact that wireless is csma/ca?

Many thx,

Ken

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎06-23-2008 06:01 AM

Follow the URL for the WCS for running reports and configuration :

http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsreps.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card