09-07-2015 02:11 AM - edited 09-07-2015 02:52 AM
What is the impact of of these errors being reported, noticeably, since we upgraded to 126.96.36.199 form 188.8.131.52.
Power Save DoS Attack: An AP detected
a Power Save DoS attack on client
Also, grabbed these from a recently reported client with poor connectivity...
Disconnect Station Attack: An AP
detected a disconnect attack of client
and loads of these with it too...
Sep 7 09:37:27 2015 ARUBA-LOCAL authmgr: <132093> <ERRS>
<ARUBA-LOCAL > WPA2 Key message 2 from Station AP-04 did not match the replay
counter 05 vs 07
We have been getting reports of client not conecting, and Ive seen some very strange behaviour were clients are seeing good signal strength, but just wont joint the ssid....
I have seen mention of this within the form, and advice to adjust one of the thresholds, as this issue can be caused by over aggressing power saving clients. But given that the only thing we have changed int he last 2 weeks is upgrading the controller, this links to when users say they have been seeing these issues, so I wonder if its a change in the threshold or a new feature, that didnt exist before...
Could this explain the connectivity issue we are seeing with clients?
09-07-2015 11:22 AM
Yes and no. A power save DOS attack is not necessarily common and in this situation, it could probably be a false positive. The replay message is common in areas with poor RF, however.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
09-08-2015 12:20 AM
I was hoping DoS may have been the reason why there seems to be lots of clients having issues, and also could expain some of the strange behaviour I have seen.
The explanation I had found of the error indicated that modern clients can be more aggressive when it comes to power saving, so the controller is seeing lots of diconnects/reconnects, so I assumed it may have been de-authing the clinet, or some other mechanism to block it from connecting.
There was a group of 4 laptops in the same area, all reporting excellent coverage, yet none of them would connect to the ssid, yet my laptop was fine. No vlan, lease pool.. or other issues I could think of that could cause this issue, and not something I heard of or seen before we upgraded to .17.
Ive also now turned off Client Match, in accordance witht he notes tagged to the .17 download page, which were not there when I was told to upgrade to it.....