Wireless Access

Reply
Regular Contributor I
Posts: 186
Registered: ‎03-22-2013

"Power Save DoS Attack..." since upgrade

[ Edited ]

What is the impact of of these errors being reported, noticeably, since we upgraded to 6.3.1.17 form 6.3.1.2. 

 

Power Save DoS Attack: An AP detected
a Power Save DoS attack on client

 

Also, grabbed these from a recently reported client with poor connectivity...

 

Disconnect Station Attack: An AP
detected a disconnect attack of client 

 

and loads of these with it too...

 

Sep 7 09:37:27 2015 ARUBA-LOCAL authmgr[3703]: <132093> <ERRS>
<ARUBA-LOCAL > WPA2 Key message 2 from Station AP-04 did not match the replay
counter 05 vs 07

 

We have been getting reports of client not conecting, and Ive seen some very strange behaviour were clients are seeing good signal strength, but just wont joint the ssid....

 

I have seen mention of this within the form, and advice to adjust one of the thresholds, as this  issue can be caused by over aggressing power saving clients.  But given that the only thing we have changed int he last 2 weeks is upgrading the controller, this links to when users say they have been seeing these issues, so I wonder if its a change in the threshold or a new feature, that didnt exist before...

 

Could this explain the connectivity issue we are seeing with clients?

Guru Elite
Posts: 20,822
Registered: ‎03-29-2007

Re: "Power Save DoS Attack..." since upgrade

Yes and no.  A power save DOS attack is not necessarily common and in this situation, it could probably be a false positive.  The replay message is common in areas with poor RF, however.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 186
Registered: ‎03-22-2013

Re: "Power Save DoS Attack..." since upgrade

I was hoping DoS may have been the reason why there seems to be lots of clients having issues, and also could expain some of the strange behaviour I have seen. 

 

The explanation I had found of the error indicated that modern clients can be more aggressive when it comes to power saving, so the controller is seeing lots of diconnects/reconnects, so I assumed it may have been de-authing the clinet, or some other mechanism to block it from connecting. 

 

There was a group of 4 laptops in the same area, all reporting excellent coverage, yet none of them would connect to the ssid, yet my laptop was fine.  No vlan, lease pool.. or other issues I could think of that could cause this issue, and not something I heard of or seen before we upgraded to .17.

 

Ive also now turned off Client Match, in accordance witht he notes tagged to the .17 download page, which were not there when I was told to upgrade to it.....

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: