Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9644
Views
16
Helpful
5
Replies

WLAN Controller Message

Go to solution
Faisal Shabbir
Level 1
Level 1

‎10-31-2012 02:15 AM - edited ‎07-03-2021 10:57 PM

Hi FREINDS,

I am consistly receiving following message on one of my WLAN controller, please could you tell me the severity level and solution of the following message:

IDS Signature attack cleared. Signature Type: Standard, Name: NULL probe  resp 1, Description: NULL Probe Response - Zero length SSID element,  Track: per-Mac, Detecting AP Name: KU-GF-I2-W03, Radio Type: 802.11b/g,   Preced: 2, Channel: 11

Thanks & Regards,

Faysal

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎10-31-2012 04:27 AM

The null signature alarm is really nothing. I disabled this alarm on my wlcs.

Device can send different types of probe request. For example they ca. Send a direct probe request from your laptop to an ap. they can send broadcasted probe request from your laptop to everyone. And some device are programmed to send null probe reuest. Often if you run net stumbler that program sends null probes.

Some manufactures, not Cisco gear though, when they see a null probe request will respond with their hidden (non broadcasted) ssids.

These alerts are informing you that a device(s) are sending nulls ..

I hope this helps..



Sent from Cisco Technical Support iPhone App

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

5 Replies 5

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎10-31-2012 04:27 AM

The null signature alarm is really nothing. I disabled this alarm on my wlcs.

Device can send different types of probe request. For example they ca. Send a direct probe request from your laptop to an ap. they can send broadcasted probe request from your laptop to everyone. And some device are programmed to send null probe reuest. Often if you run net stumbler that program sends null probes.

Some manufactures, not Cisco gear though, when they see a null probe request will respond with their hidden (non broadcasted) ssids.

These alerts are informing you that a device(s) are sending nulls ..

I hope this helps..



Sent from Cisco Technical Support iPhone App

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Go to solution
Faisal Shabbir
Level 1
Level 1
In response to George Stefanick

‎10-31-2012 04:37 AM

Many Thanks George

0 Helpful

Go to solution
lisacoody
Level 1
Level 1

‎02-07-2013 08:56 AM

George and Faisal -

I'm getting the same messages and would like to know how to disable them. Is that done on the controller (instead of on WCS)? Is this the correct place - Managment > SNMP > Trap Controls > Security ?

Thanks,

Lisa

0 Helpful

Go to solution
David Watkins
Level 4
Level 4
In response to lisacoody

‎02-07-2013 09:03 AM

You could use WCS to make the change I would think, but you need to remove this from the WLC so it is not forwarded/reported to WCS.

Fromt he GUI.

SECURITY > Wireless Protection Policies > Standard Signatures

You will see your list of pre-configured standard signatures.  You can find the one in question regarding Null Probe Responses and disable that standard signature.

Go to solution
lisacoody
Level 1
Level 1
In response to David Watkins

‎02-07-2013 09:28 AM

Thank you, David! I very much appreciate your fast response.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card