Need help: why does my controller DoS the client when it roams?
Controller: 3600, AOS 6.1.2.5
We are testing new laptops to be used by doctors in the hospital. During testing, the laptop roamed and suddenly disconnected. When the laptop disconnected, the log showed the laptop was DoSed:
(WC01) #show log all | include a0:88:b4:07:35:5c
Apr 9 12:06:43 sapd[902]: <127109> <WARN> |AP MOBW.1.120A@172.18.8.42 sapd| |ids-ap| AP(d8:c7:c8:23:0e:40): Power Save DoSn AP detected a Power Save DoS attack on client a0:88:b4:07:35:5c and access point (BSSID d8:c7:c8:18:4d:61 and SSID btnrh_wNEL 6). SNR of client is 7. Additional Info: Pwr-Mgmt-On-Pkts:49; Pwr-Mgmt-Off-Pkts:61.
Apr 9 12:08:21 sapd[902]: <127109> <WARN> |AP MOBW.1.120A@172.18.8.42 sapd| |ids-ap| AP(d8:c7:c8:23:0e:40): Power Save DoSn AP detected a Power Save DoS attack on client a0:88:b4:07:35:5c and access point (BSSID d8:c7:c8:23:0a:71 and SSID btnrh_wNEL 6). SNR of client is 24. Additional Info: Pwr-Mgmt-On-Pkts:54; Pwr-Mgmt-Off-Pkts:66.
Apr 9 14:01:31 sapd[902]: <127109> <WARN> |AP MOBW.1.120B@172.18.15.128 sapd| |ids-ap| AP(d8:c7:c8:23:0c:80): Power Save D An AP detected a Power Save DoS attack on client a0:88:b4:07:35:5c and access point (BSSID d8:c7:c8:23:0d:10 and SSID btnrhANNEL 11). SNR of client is 8. Additional Info: Pwr-Mgmt-On-Pkts:172; Pwr-Mgmt-Off-Pkts:72.
During the client de-auth, show auth-tracebuf indicated the client tried but failed to re-authenticate:
Apr 9 13:58:32 station-down * a0:88:b4:07:35:5c 00:0b:86:8e:42:c8 - -
Apr 9 13:58:32 station-up * a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 - - wpa tkip
Apr 9 13:58:32 eap-id-req <- a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 1 5
Apr 9 13:58:32 eap-start -> a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 - -
Apr 9 13:58:32 eap-id-req <- a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 1 5
Apr 9 13:58:32 eap-id-resp -> a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 1 39 host/nerh123910.btnrh.boystown.org
Apr 9 13:58:32 rad-req -> a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 65409 237
Apr 9 13:58:32 eap-id-resp -> a0:88:b4:07:35:5c 00:0b:86:8e:2c:c8 1 39 host/nerh123910.btnrh.boystown.org
The only way to make this client come back is to disconnect and reconnect to the SSID.
Thanks,
Trinh Nguyen