Chapter 2 Fault Descriptions
IDS (Intrusion Detection System) Faults
Table | IDS Faults (continued) |
|
|
|
|
| ||
|
|
|
|
| ||||
| Fault Description | Explanation | Related Setting | Recommended Action | ||||
|
|
|
|
| ||||
| Unregistered Client(s) | One or more unregistered clients | IDS > | Set the priority of the fault to be | ||||
| present |
| have been detected in the wireless | Manage IDS Settings | generated and the threshold for the | |||
|
|
| network, and are unsucessfully | > General IDS | failed authentication attempts by the | |||
|
|
| attempting to authenticate with | Settings > | client. | |||
|
|
| the APs. | Unregistered Client | Make a physical check near the | |||
|
|
|
|
| ||||
|
|
| The unregistered client fault is |
| scanning AP that reported this fault | |||
|
|
| triggered when an AP in scanning |
| to see if there are any rogue clients. | |||
|
|
| mode detects a number of probe |
|
|
|
|
|
|
|
| requests and association requests |
|
|
|
|
|
|
|
| from a station, client, or access |
|
|
|
|
|
|
|
| point, which crosses the |
|
|
|
|
|
|
|
| configuired threshold in the |
|
|
|
|
|
|
|
| configured time. |
|
|
|
|
|
|
|
| The registration attempts are not |
|
|
|
|
|
|
|
| being made to the scanning AP; |
|
|
|
|
|
|
|
| the attempts are being made to |
|
|
|
|
|
|
|
| regular APs that the scanning AP |
|
|
|
|
|
|
|
| notices. |
|
|
|
|
|
|
|
| The scanning AP counts the |
|
|
|
|
|
|
|
| packets per station. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| (The fault is generated based on |
|
|
|
|
|
|
|
| the configured Client |
|
|
|
|
|
|
|
| Registration Request Count |
|
|
|
|
|
|
|
| within a |
|
|
|
|
|
|
|
| default is 100 registrations, but |
|
|
|
|
|
|
|
| can be changed to 200, 300, 400 |
|
|
|
|
|
|
|
| or 500. ) |
|
|
|
|
|
|
|
| This fault is cleared when no |
|
|
|
|
|
|
|
| registration attempts are detected |
|
|
|
|
|
|
|
| during the observation interval |
|
|
|
|
|
|
|
| (the client leaves the wireless |
|
|
|
|
|
|
|
| network or is not seen or reported |
|
|
|
|
|
|
|
| by any Scanning APs). |
|
|
|
|
|
|
|
|
|
| ||||
| Wireless Client MAC | The WLSE has detected a | IDS > | Review your network to determine | ||||
| spoofing detected | spoofed MAC address. | Manage IDS Settings | the action necessary to clear the fault | ||||
|
|
| Whenever the WDS detects an | > General IDS | condition. | |||
|
|
| Settings > Wireless |
|
|
|
| |
|
|
| authentication taking place for a |
|
|
|
| |
|
|
| Client MAC Spoofing |
|
|
|
| |
|
|
| known MAC address, it verifies |
|
|
|
| |
|
|
|
|
|
|
|
| |
|
|
| that the same user ID is being |
|
|
|
|
|
|
|
| used. If the user ID does not |
|
|
|
|
|
|
|
| match, the authentication is |
|
|
|
|
|
|
|
| rejected and a fault is issued. |
|
|
|
|
|
|
|
| When this fault is cleared, the |
|
|
|
|
|
|
|
| following message displays: No |
|
|
|
|
|
|
|
| Wireless Client MAC Spoofing |
|
|
|
|
|
|
|
| Detected. |
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
| FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine |
|
| |||
|
|
|
| |||||
|
|
|
|
|
|
| ||
|
|
|
|
|
|
| ||
