03-24-2023 02:46 PM
Hi friends, I have a Cisco 2504 WLC running 8.5.171 and I have a user who has been getting randomly kicked off the network multiple times a day... This is the message that I have found in the logs on the system:
IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-Mac, Detecting AP Name: BMANAGER, Radio Type: 802.11b/g, Preced: 5, Hits: 300, Channel: 1, srcMac: *Client Mac Address here*
We have about 43 access points and it randomly shows these messages on multiple access points.
Can anyone help guide me toward a setting / solution for this?
03-24-2023 03:02 PM
Can you include the AP models you have, was there a change or patch or update that happened recently, have you been able to replicate the issue, etc. Provide as much information as you can, especially what you have done to troubleshoot and what you have done to try to isolate the issue. You know that Windows has a command that provides a lot of information that shows everything about the wireless connection. You can Google the command to get additional information and how to run the command in elevated mode.
netsh wlan show wlanreport
03-24-2023 03:05 PM
Some items you would find on the forums would be the following:
03-24-2023 03:06 PM
Cisco 2702
Usually the user just reboots and it comes back up. She works on the other side of the building and unfortunately isn't always available for troubleshooting.
The only real troubleshooting I have done is looking up the MAC address in the WLC logs...
03-24-2023 06:24 PM - edited 03-24-2023 07:40 PM
I also want to see the outputs @Scott Fella has requested.
Also, I want to confirm that this issue is only happening to one, single user? Am I correct?
03-27-2023 11:29 PM
From my experience, I have found that these log messages appear whenever a wIPS solution is in the vicinity.
Performing OTA packet captures, I've been able to track down Ubiquiti, Meraki and Aruba attacks to my network by collecting the offender MAC and SSID, then using this SSID information to match that from the neighbour business and to advise the admin of the other network to 1) disable deauth/disassoc attacks, as this is illegal, or 2) whitelist my BSSIDs/ESSIDs in the solution and leave the other admin to continue misusing such solutions.
For me, using Wi-Fi Hawk has been very helpful, as it lowered the time to process all the captures and easily showed me the MAC address with such an amount of transmissions against my BSSIDs.
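To answer the question raised in the thread (one client or several, one detecting AP or many), the IDS messages can be grouped by source MAC. The following is an added example, not part of any post in the thread; it assumes the WLC log has been exported as plain text with one message per line in the format quoted in the first post, and the MAC addresses and the AP name AP-LOBBY are constructed.

```python
from collections import defaultdict

# Constructed sample input in the format of the message quoted in the first post.
# The MAC addresses and the AP name AP-LOBBY are made up; BMANAGER is from the post.
TEMPLATE = ("IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, "
            "Description: Authentication Request flood, Track: per-Mac, "
            "Detecting AP Name: {ap}, Radio Type: 802.11b/g, Preced: 5, Hits: 300, "
            "Channel: {ch}, srcMac: {mac}")
SAMPLE_LOG = "\n".join([
    TEMPLATE.format(ap="BMANAGER", ch=1, mac="00:11:22:33:44:55"),
    TEMPLATE.format(ap="AP-LOBBY", ch=6, mac="00:11:22:33:44:55"),
    TEMPLATE.format(ap="BMANAGER", ch=1, mac="66:77:88:99:AA:BB"),
    "an unrelated log line (constructed) that must be skipped",
])

HEADER = "IDS Signature attack detected."


def parse_ids_line(line):
    """Return the 'Key: value' fields of one IDS signature message, or None."""
    line = line.strip()
    if not line.startswith(HEADER):
        return None
    fields = {}
    for part in line[len(HEADER):].split(", "):
        # Split on the first ': ' only, so the colons inside a MAC stay in the value.
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def summarize(log_text):
    """Group alerts by (signature name, source MAC): alert count, hits, APs, channels."""
    summary = defaultdict(lambda: {"alerts": 0, "hits": 0, "aps": set(), "channels": set()})
    for line in log_text.splitlines():
        f = parse_ids_line(line)
        if not f or "srcMac" not in f:
            continue
        entry = summary[(f.get("Name", "?"), f["srcMac"].lower())]
        hits = f.get("Hits", "0")
        entry["alerts"] += 1
        entry["hits"] += int(hits) if hits.isdigit() else 0
        entry["aps"].add(f.get("Detecting AP Name", "?"))
        entry["channels"].add(f.get("Channel", "?"))
    return dict(summary)


if __name__ == "__main__":
    for (name, mac), e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1]["aps"])):
        print(f"{name:12} {mac}  alerts={e['alerts']} hits={e['hits']} "
              f"aps={sorted(e['aps'])} channels={sorted(e['channels'])}")
```

The per-MAC list of detecting APs and channels is the starting point for deciding where to run the over-the-air capture mentioned in the last reply.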