Cisco Systems OL-8376-01 manual Ccmp, Ids


Chapter 2 Fault Descriptions

IDS (Intrusion Detection System) Faults

Table 2-3 IDS Faults (continued)

| Fault Description | Explanation | Related Setting | Recommended Action |
| --- | --- | --- | --- |
| Bad MIC while MFP enabled | This fault is raised against the AP that is observed generating the violation. | Not applicable. | Investigate the possibility that a rogue AP is conducting a spoofing attack against the managed network. Also, make sure that an MFP configuration error (see MFP Configuration error (Detect disabled; should be enabled), page 2-19) is not the root cause of the MFP Validation error. It is also possible that communications problems between the WDS and its registered APs have prevented MFP key rotation messages from reaching either the detector or generator AP. |
| Bad Sequence Number while MFP enabled | This fault is raised against the AP that is observed generating the violation. | Not applicable. | See Bad MIC while MFP enabled, page 2-16. |
| CCMP DecryptErrorsClient is detected | The fault threshold has been exceeded for the number of decryption errors detected by the CCMP play mechanism on the interface. | IDS > Manage IDS Settings > CcmpDecryptErrorsClient | Verify that the fault threshold is set correctly. If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition. |
| CCMP Replay Client is detected | The fault threshold set has been exceeded. When this fault is cleared, the following message displays: There is no CCMP Replay detected | IDS > Manage IDS Settings > General Settings > CcmpReplaysClient | Verify that the fault threshold is set correctly. If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition. |
| Client association rate is Degraded number per minute | The fault threshold has been exceeded. When this fault is cleared, the following message displays: Client association rate is OK. | IDS > Manage IDS Settings > IDS-802.11x > Authentication Error Rate | Verify that the fault threshold is set correctly. If the threshold is set correctly, review your network to determine the action necessary to clear the fault condition. |

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

2-16

OL-8376-01

 

 
