11-11-2015 09:54 AM
Does anybody what does this entry on security logs mean ?
Nov 11 17:41:40 :126075: <WARN> |wms| |ids| AP(00:0b:86:07:xx:xx@AP1): Valid Client Misassociation: An AP detected a misassociation between valid client b4:ce:f6:42:xx:xx and access point (BSSID 64:d8:14:b2:xx:xx and SSID SSID-Name on CHANNEL 11). Association type is (Association To Honeypot AP), SNR of client is 0.
Running AOS Version 188.8.131.52
11-11-2015 10:17 AM
Maybe the client moved to an invalid SSID after being on a Valid SSID (one managed by the controller) and the controller stood up a honeypot to capture said client, or maybe there is a spoofed AP nearby that the client moved to and the controller moved it back to a honeypot SSID? Hard to know for sure without more info, but you could open a TAC case to have them investigate. If you are using WIDS and have enabled any client protection, that is likely the reason.
Sr. Techical Marketing Engineer