Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Valid AP being DOS'ed by controller

This thread has been viewed 0 times

  • 1.  Valid AP being DOS'ed by controller

    Posted Sep 22, 2016 04:59 PM

    So, another team got a new MiFi device, and tripped AirWave due to using a corporate SSID on an unknown MAC. AirWave labelled is AP-Impersonation (as defined by a rule), and the controller set it to contain. I fixed the rule in AirWave - added the new MAC address as a valid broadcastor of the SSID - and manually changed the alert to valid both in AirWave and WMS. The controller even shows it as valid, but is still trying to kill it - and no one can connect to it. How do I make the controller stop? HMNCISMiFi is the SSID in question.

     

    Thanks,

    Russell

    show ap monitor ap-list ap-name <ap-name>:

    MonitoredAPTable             
    ------------------               
    bssidessidchanap-typephy-typedosdt/mtencrnstasavg-snrcurr-snravg-rssicurr-rssiwmacsibsscl-delay
    -----------------------------------------------------------------------------------------------
    9c:1c:12:a3:22:71HM-EMPLOYEE149valid80211a-HT-40disable5551/63wpa2-8021x-aes00220732no0
    00:0d:67:2a:8d:b5XFINITY153unknown80211a-HT-40disable4942/46wpa2-8021x-aes00230720no4942+
    80:d2:1d:7d:a2:e2HMNCISMiFi6valid80211b/g-HT-40enable4299/106wpa2-psk-aes00330620no4298

     

     



  • 2.  RE: Valid AP being DOS'ed by controller

    EMPLOYEE
    Posted Sep 22, 2016 05:05 PM

    The output you posted is unreadable.

     

    I would type "show log security 50" and see if you can see anything for that BSSID.



  • 3.  RE: Valid AP being DOS'ed by controller

    Posted Sep 23, 2016 10:10 AM

    I wouldn't go so far as to call it unreadable, but the point is that in the last row, the ap-type is 'valid', while the dos field is 'enable'; meaning as far as I can tell that the controller is trying to kill an AP that I have marked as valid, that the controller sees as valid - or at least reports as valid - and is set to valid in AirWave. Is there a CLI command that I can run on a BSSID that basically says 'this guy is our cousin, doesn't exactly live here but visits from time to time, so cut his some slack, and stop trying to kill him'?

     

    the security log showed nothing by the way. Too much in the log. Even show log security all only goes back about 5 minutes.

     

    Russell



  • 4.  RE: Valid AP being DOS'ed by controller

    EMPLOYEE
    Posted Sep 24, 2016 07:09 AM

    So, unreadable is a strong word, but I cannot piece it together.  There are quite a few ways to deny access to a device and it is not always marked as DOS, when that happens.  Your situation is open ended and you should open a case with TAC to understand why you have no access to the device.  It has hard to say with the limited information provided what is happening.