Cisco Systems OL-8376-01 manual Intrusion Detection System Troubleshooting, Interference Detection

Page 65

Chapter 1 FAQs and Troubleshooting

Intrusion Detection System FAQs and Troubleshooting

First, a rogue is detected which has an RSSI value higher than the configured threshold. For example, it has an RSSI value of -60dBm and the configured threshold is -80dBm.

Then, the rogue is not seen for a while, and the WLSE marks it for deletion. (Rogue APs that are not heard from for a long time are candidates for deletion from the WLSE.)

Interference Detection

Q.Are the Network-Wide > Interference Detection settings of -87dbm for 10% always the same, or are they the optimal recommended values, or are they calculated depending on the environment? Should they be left alone, or are there any recommendations?

A.This is the default setting. If it is not adequate, you will need to experiment to find the proper setting for your environment.

APs in Scanning-Only Mode

Q.Why are the APs running in scanning-only mode having problems with sporadic connection loss and image upgrade failure?

A.In a heavy-load environment, APs running in scanning-only mode may face sporadic connection loss and image upgrade failure. To resolve these problems, use the following configuration commands to balance CPU time:

scheduler interval <100-xxx>

scheduler allocate <3000-xxx> <1000-xxx>

Many newer Cisco platforms use the command scheduler allocate instead of scheduler interval. The scheduler allocate command takes two parameters: a period in microseconds for the system to run with interrupts enabled, and a period in microseconds for the system to run with interrupts masked. Please refer to the IOS documentation for more information about these commands.

Q.Which WLSE IDS functions require dedicated scanning APs?

A.Only the Unregistered Client function requires a scanning AP.

Intrusion Detection System Troubleshooting

This section contains the following information for troubleshooting the Intrusion Detection System:

Q.I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP (AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP list. When I moved AP1 back to the friendly list, it was immediately (with in 40 seconds) moved back to the rogue AP list.

Q.What should I do when my system is overrun with rogue APs?

Q.The SSID field in the Manage Rogues > Rogue AP List report is being displayed in hexagonal format (for example, "\x00\x00\x00\x00\x00\x00\x00\x00\x00"). What causes this?

Q.I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP (AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP list. When I moved AP1 back to the friendly list, it was immediately (with in 40 seconds) moved back to the rogue AP list.

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

 

OL-8376-01

1-53

 

 

 

Page 64 Page 66
Image 65
Page 64 Page 66
Contents Customer Order Number OL-8376-01 Corporate HeadquartersCopyright 2006 Cisco Systems, Inc. All rights reserved N T E N T S Fault Descriptions Conventions AudienceConvention Italic fontAvailable Formats Product Documentation105/wlse/213/index.htm Obtaining DocumentationOrdering Documentation Cisco.comProduct Documentation DVD Cisco Product Security Overview Reporting Security Problems in Cisco ProductsDocumentation Feedback Cisco Technical Support & Documentation Website Obtaining Technical AssistanceObtaining Additional Publications and Information Submitting a Service RequestDefinitions of Service Request Severity Xii General FAQs General FAQs and TroubleshootingFAQs and Troubleshooting General FAQs and Troubleshooting MIB Name Description General Troubleshooting If no, see Symptom Cannot log in as a system administrator., Possible Cause Restart the system services by entering the following Symptom The system time or date is incorrect # ip name-server ip-address Deployment Wizard Troubleshooting Faults FAQs Faults FAQs and TroubleshootingFAQs and Troubleshooting Faults FAQs and Troubleshooting Faults Troubleshooting Recommended Action Not applicable Devices FAQs Devices FAQs and TroubleshootingFAQs and Troubleshooting Devices FAQs and Troubleshooting Discovery/Device Management Troubleshooting Devices TroubleshootingMessage Possible Cause Recommended Action Discovered but could not be FAQs and Troubleshooting Devices FAQs and Troubleshooting Configuration FAQs Configuration FAQs and TroubleshootingOL-8376-01 Page OL-8376-01 Configuration Troubleshooting Auto-Managed Configuration Assign Templates Firmware FAQs Firmware FAQs and TroubleshootingFirmware Troubleshooting Recommended Action FAQs and Troubleshooting Firmware FAQs and Troubleshooting Telnet Credential Fields Required Reports FAQs and TroubleshootingReports FAQs Reports Troubleshooting Recommended Action None Click jobvm.log Radio Manager FAQs Radio Manager FAQs and TroubleshootingConfiguration Radio MonitoringWDS AP? Auto Re-Site SurveyMiscellaneous When Wlse is used for initial setup OL-8376-01 Auto Re-Site Survey Select Devices Discover Managed/Unmanaged Radio Manager TroubleshootingSites FAQs Sites FAQs and TroubleshootingLocation Manager Assisted Site survey WizardRadio Parameter Generation AP Radio ScanAssisted Site Survey Wizard FAQs and Troubleshooting Sites FAQs and Troubleshooting AP Radio Scan Sites Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting Intrusion Detection System FAQs Intrusion Detection System FAQs and TroubleshootingAPs in Scanning-Only Mode Detecting Rogue APsDetecting Rogue APs Page OL-8376-01 Intrusion Detection System Troubleshooting Admin FAQs Admin FAQs and TroubleshootingFAQs and Troubleshooting Admin FAQs and Troubleshooting Redundancy State Description Admin Troubleshooting Recommended Action FAQs and Troubleshooting Admin FAQs and Troubleshooting Select Faults Manage Fault Settings Generating Diagnostics for Technical Assistance Troubleshooting Tools for the Wlse ApplianceInternal AAA Server Wlse Express FAQs Fault Descriptions Utilization % Access Point /Bridge FaultsTo rule Engine, Release CiscoWorks Wireless LAN SolutionSsid Version number See IDS Intrusion Detection System Faults,Table-name. OID-name Problem-detailsVlan Vlan numberChannel origChannel NewChannelRadio Interface Faults Broadcast is disabled for Radio-x Radio Interface Faults Rate % Reason, IgnoredFault. See Q.What are the results Verify RM Capability IDS Intrusion Detection System Faults IDS Faults IDS CcmpOwsize FloodcountFramecount,Intervalwind Channel Frames Sntp Enabled That is observed generating ViolationNumber of Ccmp Replay Fault threshold set for Number of Tkip Local Fault threshold set for Cd11IfStationRole from Unregistered Clients One or more unregistered clients Threshold% Voice FaultsWlse Faults Wlse LAN Solution Engine, 2.13. or in the onlineEAP-FAST AAA Server FaultsEAP-MD5, Leap EAP-MD5 /LEAP PEAP/RADIUSEAP-MD5 EAP-FAST5EAP LeapPeap Radius Degraded utilization % Switch FaultsUtilization % Wlsm Faults Router FaultOL-8376-01 D E IN-2 IN-3 IN-4 HttpNAT Detection, frequencyIN-6 IN-7 SSHIN-8 WDSWlsm IN-10
Top Page Image Contents