Wireless Access

Reply
DSP
Contributor II
Posts: 37
Registered: ‎03-25-2013

Association To Honeypot AP

 

Hello , 

 

Does anybody what does this entry on security logs mean ? 

 

Nov 11 17:41:40 :126075: <WARN> |wms| |ids| AP(00:0b:86:07:xx:xx@AP1): Valid Client Misassociation: An AP detected a misassociation between valid client b4:ce:f6:42:xx:xx and access point (BSSID 64:d8:14:b2:xx:xx and SSID SSID-Name on CHANNEL 11). Association type is (Association To Honeypot AP), SNR of client is 0.

 

Running AOS Version 6.3.1.15

 

Thank you, 

 

DSP

MVP
Posts: 1,404
Registered: ‎11-07-2008

Re: Association To Honeypot AP

Maybe the client moved to an invalid SSID after being on a Valid SSID (one managed by the controller) and the controller stood up a honeypot to capture said client, or maybe there is a spoofed AP nearby that the client moved to and the controller moved it back to a honeypot SSID? Hard to know for sure without more info, but you could open a TAC case to have them investigate. If you are using WIDS and have enabled any client protection, that is likely the reason.

Jerrod Howard
Sr. Techical Marketing Engineer
Search Airheads
Showing results for 
Search instead for 
Did you mean: