Cisco Systems OL-8376-01 manual Admin FAQs and Troubleshooting

Page 66

Chapter 1 FAQs and Troubleshooting

Admin FAQs and Troubleshooting

A.When the Friendly-to-Rogue policy evaluates a site, any device that hasn’t been seen in “too long a time” is reclassified as rogue. This time period starts when WLSE last observed the device, not after the administrator has set it to Friendly. To keep an unmanaged device as Friendly, set the maximum unobserved time to a value larger than the amount of time the device is expected to not be observed. For example, if a friendly AP is turned off after business hours, the maximum unobserved time should be at least 14 hours (or more for weekends) or the WLSE will reclassify it as rogue.

Q.What should I do when my system is overrun with rogue APs?

A.Some networks might experience large numbers of rogues due to the nature of their neighboring networks or a one-time storm. When the number of unknown (rogue infrastructure or ad-hoc) radios is high (greater than 5000), your network might experience performance degradation. This can occur when your network is in a crowded airspace, you have products such as printers that have wireless functions that create and/or rotate ad-hoc network IDs, that are attacked by the Fake AP program, or that have APs sending corrupt beacon reports. To handle large numbers of rogues:

Use IDS > Manage Network Wide Settings to disable all rogue detection and processing from either infrastructure or ad-hoc rogues (or both).

If your network is in a crowded airspace, examine the report IDS > Manage Rogues. This report shows you the RSSI value for the detected rogues. Sorting by RSSI might give you a limit of RSSI values that you could use in IDS > Manage Network Wide Settings as a threshold.

Use IDS > Manage Rogues to delete the rogues that are no longer an issue (for example, from a temporary storm or isolated occurrence) to free up space in the WLSE.

For an explanation of the fault, see IDS (Intrusion Detection System) Faults, page 2-14.

Q.The SSID field in the Manage Rogues > Rogue AP List report is being displayed in hexagonal format (for example, "\x00\x00\x00\x00\x00\x00\x00\x00\x00"). What causes this?

A.If the SSID contains unprintable characters, the WLSE displays it in hex notation. In this example, the SSID is set to 9 hex zeros.

The WLSE displays unprintable characters as \xNN, where NN is the hex value of each character, followed by the length of the SSID in bytes. For example, “\x00” [1] means that the SSID contains the hex value \x00 and is 1 byte long. In addition, any double quote marks or backslashes that are part of the SSID octets are displayed using a preceding backslash (for example, \" or \\).

Admin FAQs and Troubleshooting

This section contains the following information for understanding and troubleshooting the WLSE appliance:

Admin FAQs, page 1-54

Admin Troubleshooting, page 1-57

Troubleshooting Tools for the WLSE Appliance, page 1-61

Admin FAQs

Q.How can I verify the status of the database?

Q.What are the rules for WLSE user names and passwords?

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

1-54

OL-8376-01

 

 

Image 66
Contents Corporate Headquarters Customer Order Number OL-8376-01Copyright 2006 Cisco Systems, Inc. All rights reserved N T E N T S Fault Descriptions Convention AudienceConventions Italic fontProduct Documentation Available FormatsObtaining Documentation 105/wlse/213/index.htmCisco.com Product Documentation DVDOrdering Documentation Reporting Security Problems in Cisco Products Documentation FeedbackCisco Product Security Overview Obtaining Technical Assistance Cisco Technical Support & Documentation WebsiteSubmitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information Xii General FAQs and Troubleshooting General FAQsFAQs and Troubleshooting General FAQs and Troubleshooting MIB Name Description General Troubleshooting If no, see Symptom Cannot log in as a system administrator., Possible Cause Restart the system services by entering the following Symptom The system time or date is incorrect # ip name-server ip-address Deployment Wizard Troubleshooting Faults FAQs and Troubleshooting Faults FAQsFAQs and Troubleshooting Faults FAQs and Troubleshooting Faults Troubleshooting Recommended Action Not applicable Devices FAQs and Troubleshooting Devices FAQsFAQs and Troubleshooting Devices FAQs and Troubleshooting Devices Troubleshooting Discovery/Device Management TroubleshootingMessage Possible Cause Recommended Action Discovered but could not be FAQs and Troubleshooting Devices FAQs and Troubleshooting Configuration FAQs and Troubleshooting Configuration FAQsOL-8376-01 Page OL-8376-01 Configuration Troubleshooting Auto-Managed Configuration Assign Templates Firmware FAQs and Troubleshooting Firmware FAQsFirmware Troubleshooting Recommended Action FAQs and Troubleshooting Firmware FAQs and Troubleshooting Reports FAQs and Troubleshooting Reports FAQsTelnet Credential Fields Required Reports Troubleshooting Recommended Action None Click jobvm.log Configuration Radio Manager FAQs and TroubleshootingRadio Manager FAQs Radio MonitoringAuto Re-Site Survey MiscellaneousWDS AP? When Wlse is used for initial setup OL-8376-01 Auto Re-Site Survey Radio Manager Troubleshooting Select Devices Discover Managed/UnmanagedLocation Manager Sites FAQs and TroubleshootingSites FAQs Assisted Site survey WizardAP Radio Scan Radio Parameter GenerationAssisted Site Survey Wizard FAQs and Troubleshooting Sites FAQs and Troubleshooting AP Radio Scan Sites Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting APs in Scanning-Only Mode Intrusion Detection System FAQs and TroubleshootingIntrusion Detection System FAQs Detecting Rogue APsDetecting Rogue APs Page OL-8376-01 Intrusion Detection System Troubleshooting Admin FAQs and Troubleshooting Admin FAQsFAQs and Troubleshooting Admin FAQs and Troubleshooting Redundancy State Description Admin Troubleshooting Recommended Action FAQs and Troubleshooting Admin FAQs and Troubleshooting Select Faults Manage Fault Settings Troubleshooting Tools for the Wlse Appliance Generating Diagnostics for Technical AssistanceInternal AAA Server Wlse Express FAQs Fault Descriptions Access Point /Bridge Faults To ruleUtilization % CiscoWorks Wireless LAN Solution Engine, ReleaseSsid See IDS Intrusion Detection System Faults, Version numberProblem-details Table-name. OID-nameChannel origChannel Vlan numberVlan NewChannelRadio Interface Faults Broadcast is disabled for Radio-x Radio Interface Faults Reason, Ignored Rate %Fault. See Q.What are the results Verify RM Capability IDS Intrusion Detection System Faults IDS Faults Ccmp IDSFloodcount Framecount,IntervalwindOwsize Channel Frames Enabled That is observed generating Violation SntpNumber of Ccmp Replay Fault threshold set for Number of Tkip Local Fault threshold set for Cd11IfStationRole from Unregistered Clients One or more unregistered clients Voice Faults Wlse FaultsThreshold% LAN Solution Engine, 2.13. or in the online WlseEAP-MD5, Leap EAP-MD5 /LEAP AAA Server FaultsEAP-FAST PEAP/RADIUSEAP-FAST5 EAP-MD5Leap EAPPeap Radius Switch Faults Degraded utilization %Utilization % Router Fault Wlsm FaultsOL-8376-01 D E IN-2 IN-3 Http IN-4Detection, frequency NATIN-6 SSH IN-7WDS IN-8Wlsm IN-10