Wireless Access

last person joined: 9 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Association To Honeypot AP

This thread has been viewed 9 times

  • 1.  Association To Honeypot AP

    Posted Nov 11, 2015 12:54 PM

     

    Hello , 

     

    Does anybody what does this entry on security logs mean ? 

     

    Nov 11 17:41:40 :126075: <WARN> |wms| |ids| AP(00:0b:86:07:xx:xx@AP1): Valid Client Misassociation: An AP detected a misassociation between valid client b4:ce:f6:42:xx:xx and access point (BSSID 64:d8:14:b2:xx:xx and SSID SSID-Name on CHANNEL 11). Association type is (Association To Honeypot AP), SNR of client is 0.

     

    Running AOS Version 6.3.1.15

     

    Thank you, 

     

    DSP



  • 2.  RE: Association To Honeypot AP

    EMPLOYEE
    Posted Nov 11, 2015 01:17 PM

    Maybe the client moved to an invalid SSID after being on a Valid SSID (one managed by the controller) and the controller stood up a honeypot to capture said client, or maybe there is a spoofed AP nearby that the client moved to and the controller moved it back to a honeypot SSID? Hard to know for sure without more info, but you could open a TAC case to have them investigate. If you are using WIDS and have enabled any client protection, that is likely the reason.