Cisco Systems OL-8376-01 manual Unregistered Clients One or more unregistered clients

Page 97

Chapter 2 Fault Descriptions

IDS (Intrusion Detection System) Faults

Table 2-3

IDS Faults (continued)

 

 

 

 

 

 

 

 

 

 

 

Fault Description

Explanation

Related Setting

Recommended Action

 

 

 

 

 

 

Unregistered Client(s)

One or more unregistered clients

IDS >

Set the priority of the fault to be

 

present

 

have been detected in the wireless

Manage IDS Settings

generated and the threshold for the

 

 

 

network, and are unsucessfully

> General IDS

failed authentication attempts by the

 

 

 

attempting to authenticate with

Settings >

client.

 

 

 

the APs.

Unregistered Client

Make a physical check near the

 

 

 

 

 

 

 

 

The unregistered client fault is

 

scanning AP that reported this fault

 

 

 

triggered when an AP in scanning

 

to see if there are any rogue clients.

 

 

 

mode detects a number of probe

 

 

 

 

 

 

 

 

requests and association requests

 

 

 

 

 

 

 

 

from a station, client, or access

 

 

 

 

 

 

 

 

point, which crosses the

 

 

 

 

 

 

 

 

configuired threshold in the

 

 

 

 

 

 

 

 

configured time.

 

 

 

 

 

 

 

 

The registration attempts are not

 

 

 

 

 

 

 

 

being made to the scanning AP;

 

 

 

 

 

 

 

 

the attempts are being made to

 

 

 

 

 

 

 

 

regular APs that the scanning AP

 

 

 

 

 

 

 

 

notices.

 

 

 

 

 

 

 

 

The scanning AP counts the

 

 

 

 

 

 

 

 

packets per station.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(The fault is generated based on

 

 

 

 

 

 

 

 

the configured Client

 

 

 

 

 

 

 

 

Registration Request Count

 

 

 

 

 

 

 

 

within a 15-minute period. The

 

 

 

 

 

 

 

 

default is 100 registrations, but

 

 

 

 

 

 

 

 

can be changed to 200, 300, 400

 

 

 

 

 

 

 

 

or 500. )

 

 

 

 

 

 

 

 

This fault is cleared when no

 

 

 

 

 

 

 

 

registration attempts are detected

 

 

 

 

 

 

 

 

during the observation interval

 

 

 

 

 

 

 

 

(the client leaves the wireless

 

 

 

 

 

 

 

 

network or is not seen or reported

 

 

 

 

 

 

 

 

by any Scanning APs).

 

 

 

 

 

 

 

 

 

 

 

Wireless Client MAC

The WLSE has detected a

IDS >

Review your network to determine

 

spoofing detected

spoofed MAC address.

Manage IDS Settings

the action necessary to clear the fault

 

 

 

Whenever the WDS detects an

> General IDS

condition.

 

 

 

Settings > Wireless

 

 

 

 

 

 

 

authentication taking place for a

 

 

 

 

 

 

 

Client MAC Spoofing

 

 

 

 

 

 

 

known MAC address, it verifies

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

that the same user ID is being

 

 

 

 

 

 

 

 

used. If the user ID does not

 

 

 

 

 

 

 

 

match, the authentication is

 

 

 

 

 

 

 

 

rejected and a fault is issued.

 

 

 

 

 

 

 

 

When this fault is cleared, the

 

 

 

 

 

 

 

 

following message displays: No

 

 

 

 

 

 

 

 

Wireless Client MAC Spoofing

 

 

 

 

 

 

 

 

Detected.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

 

 

 

 

 

 

 

OL-8376-01

 

 

 

 

 

2-23

 

 

 

 

 

 

 

 

Image 97
Contents Customer Order Number OL-8376-01 Corporate HeadquartersCopyright 2006 Cisco Systems, Inc. All rights reserved N T E N T S Fault Descriptions Conventions AudienceConvention Italic fontAvailable Formats Product Documentation105/wlse/213/index.htm Obtaining DocumentationProduct Documentation DVD Cisco.comOrdering Documentation Documentation Feedback Reporting Security Problems in Cisco ProductsCisco Product Security Overview Cisco Technical Support & Documentation Website Obtaining Technical AssistanceDefinitions of Service Request Severity Submitting a Service RequestObtaining Additional Publications and Information Xii General FAQs General FAQs and TroubleshootingFAQs and Troubleshooting General FAQs and Troubleshooting MIB Name Description General Troubleshooting If no, see Symptom Cannot log in as a system administrator., Possible Cause Restart the system services by entering the following Symptom The system time or date is incorrect # ip name-server ip-address Deployment Wizard Troubleshooting Faults FAQs Faults FAQs and TroubleshootingFAQs and Troubleshooting Faults FAQs and Troubleshooting Faults Troubleshooting Recommended Action Not applicable Devices FAQs Devices FAQs and TroubleshootingFAQs and Troubleshooting Devices FAQs and Troubleshooting Discovery/Device Management Troubleshooting Devices TroubleshootingMessage Possible Cause Recommended Action Discovered but could not be FAQs and Troubleshooting Devices FAQs and Troubleshooting Configuration FAQs Configuration FAQs and TroubleshootingOL-8376-01 Page OL-8376-01 Configuration Troubleshooting Auto-Managed Configuration Assign Templates Firmware FAQs Firmware FAQs and TroubleshootingFirmware Troubleshooting Recommended Action FAQs and Troubleshooting Firmware FAQs and Troubleshooting Reports FAQs Reports FAQs and TroubleshootingTelnet Credential Fields Required Reports Troubleshooting Recommended Action None Click jobvm.log Radio Manager FAQs Radio Manager FAQs and TroubleshootingConfiguration Radio MonitoringMiscellaneous Auto Re-Site SurveyWDS AP? When Wlse is used for initial setup OL-8376-01 Auto Re-Site Survey Select Devices Discover Managed/Unmanaged Radio Manager TroubleshootingSites FAQs Sites FAQs and TroubleshootingLocation Manager Assisted Site survey WizardRadio Parameter Generation AP Radio ScanAssisted Site Survey Wizard FAQs and Troubleshooting Sites FAQs and Troubleshooting AP Radio Scan Sites Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting FAQs and Troubleshooting Sites FAQs and Troubleshooting Intrusion Detection System FAQs Intrusion Detection System FAQs and TroubleshootingAPs in Scanning-Only Mode Detecting Rogue APsDetecting Rogue APs Page OL-8376-01 Intrusion Detection System Troubleshooting Admin FAQs Admin FAQs and TroubleshootingFAQs and Troubleshooting Admin FAQs and Troubleshooting Redundancy State Description Admin Troubleshooting Recommended Action FAQs and Troubleshooting Admin FAQs and Troubleshooting Select Faults Manage Fault Settings Generating Diagnostics for Technical Assistance Troubleshooting Tools for the Wlse ApplianceInternal AAA Server Wlse Express FAQs Fault Descriptions To rule Access Point /Bridge FaultsUtilization % Engine, Release CiscoWorks Wireless LAN SolutionSsid Version number See IDS Intrusion Detection System Faults,Table-name. OID-name Problem-detailsVlan Vlan numberChannel origChannel NewChannelRadio Interface Faults Broadcast is disabled for Radio-x Radio Interface Faults Rate % Reason, IgnoredFault. See Q.What are the results Verify RM Capability IDS Intrusion Detection System Faults IDS Faults IDS CcmpFramecount,Intervalwind FloodcountOwsize Channel Frames Sntp Enabled That is observed generating ViolationNumber of Ccmp Replay Fault threshold set for Number of Tkip Local Fault threshold set for Cd11IfStationRole from Unregistered Clients One or more unregistered clients Wlse Faults Voice FaultsThreshold% Wlse LAN Solution Engine, 2.13. or in the onlineEAP-FAST AAA Server FaultsEAP-MD5, Leap EAP-MD5 /LEAP PEAP/RADIUSEAP-MD5 EAP-FAST5EAP LeapPeap Radius Degraded utilization % Switch FaultsUtilization % Wlsm Faults Router FaultOL-8376-01 D E IN-2 IN-3 IN-4 HttpNAT Detection, frequencyIN-6 IN-7 SSHIN-8 WDSWlsm IN-10