2-16, Fault Description, Explanation | Cisco Systems OL-8376-01

Chapter 2 Fault Descriptions

IDS (Intrusion Detection System) Faults

Table 2-3	IDS Faults (continued)

Fault Description		Explanation	Related Setting	Recommended Action

Bad MIC while MFP		This fault is raised against the AP	Not applicable.	Investigate the possibility that a
enabled		that is observed generating the		rogue AP is conducting a spoofing
		violation.		attack against the managed network.
				Also, make sure that an MFP
				configuration error (see MFP
				Configuration error (Detect disabled;
				should be enabled), page 2-19) is not
				the root cause of the MFP Validation
				error. It is also possible that
				communications problems between
				the WDS and its registered APs have
				prevented MFP key rotation
				messages from reaching either the
				detector or generator AP.

Bad Sequence Number		This fault is raised against the AP	Not applicable.	See Bad MIC while MFP enabled,
while MFP enabled		that is observed generating the		page 2-16).
		violation.

CCMP		The fault threshold has been	IDS > Manage IDS	Verify that the fault threshold is set
DecryptErrorsClient is		exceeded for the number of	Settings >	correctly.
detected		decryption errors detected by the	CcmpDecryptErrorsC	If the threshold is set correctly,
		CCMP play mechanism on the	lient	review your network to determine the
		interface.		review your network to determine the
		interface.		action necessary to clear the fault
				action necessary to clear the fault
				condition.

CCMP Replay Client is		The fault threshold set has been	IDS >	Verify that the fault threshold is set
detected		exceeded.	Manage IDS Settings	correctly.
		When this fault is cleared, the	> General Settings >	If the threshold is set correctly,
		When this fault is cleared, the	CcmpReplaysClient	If the threshold is set correctly,
		following message displays:	CcmpReplaysClient	review your network to determine the
		following message displays:		review your network to determine the
		There is no CCMP Replay		action necessary to clear the fault
		detected		condition.

Client association rate is		The fault thresholds been	IDS >	Verify that the fault threshold is set
Degraded number per		exceeded.	Manage IDS Settings	correctly.
minute		When this fault is cleared, the	> IDS-802.11x >	If the threshold is set correctly,
		When this fault is cleared, the	Authentication Error	If the threshold is set correctly,
		following message displays:	Authentication Error	review your network to determine the
		following message displays:	Rate	review your network to determine the
		Client association rate is OK.	Rate	action necessary to clear the fault
		Client association rate is OK.		action necessary to clear the fault
				condition

FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine

2-16	OL-8376-01

Cisco Systems OL-8376-01 manual 2-16, Fault Description, Explanation, Related Setting

Models: OL-8376-01

2-16