New Contributor

Interfering AP how disable it function on controller 7220?

Dear Colleagues,

 

Please help us with a problem which occurred in our company's controller. When we review the log, an error like this appears: wms[3514]: <126087> <WARN> |wms| |ids| AP(94:b4:0f:a2:53:60@94:b4:0f:c2:25:36): Block ACK DoS Attack: An AP detected a data frame which indicates a possible Block ACK DoS Attack. The frame from 88:d7:f6:b4:6d:de to 00:00:5e:00:01:29 (BSSID 94:b4:0f:a2:53:61 on CHANNEL 1 with SNR 40) is outside the current sequence number window, and thus may be dropped. Additional Info: Victim:88:d7:f6:b4:6d:de TID:0 Retry:0 Dir:2 StartSq:24 FrameSq:19 EndSq:87 BSSID:94:b4:0f:a2:53:61 . Associated WVE ID(s): WVE-2008-0006.

After we started searching for this warning, we found in this forum that the interfering AP function has been enabled. How could we resolve this issue? Please help.

Guru Elite

Re: Interfering AP how disable it function on controller 7220?

Block ACK DOS attack can have false positives and I would disable it in the IDS DOS profile because it can fill up your logs needlessly. https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/1commandlist/ids_dos_profile.htm?Highlight=block%20ack%20dos


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
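
As an added example (not part of the original posts, and not Aruba code): a Python sketch that parses the Block ACK DoS event quoted in this thread and measures how far FrameSq falls outside the StartSq..EndSq window, with 12-bit sequence-number wraparound taken into account. The 16-frame near-miss threshold, the function names and the second and third sample lines are constructed assumptions.

```python
import re
from collections import Counter

SEQ_MOD = 4096   # 802.11 sequence numbers are 12 bits and wrap at 4096
NEAR_MISS = 16   # assumption: a miss this small is treated as reordering noise

# Line 1 is abridged from the event quoted in the thread; lines 2-3 are constructed.
SAMPLE_LOG = [
    "wms[3514]: <126087> <WARN> |wms| |ids| Block ACK DoS Attack: Victim:88:d7:f6:b4:6d:de "
    "TID:0 Retry:0 Dir:2 StartSq:24 FrameSq:19 EndSq:87 BSSID:94:b4:0f:a2:53:61",
    "wms[3514]: <126087> <WARN> |wms| |ids| Block ACK DoS Attack: Victim:02:00:00:00:00:01 "
    "TID:0 Retry:0 Dir:2 StartSq:100 FrameSq:2100 EndSq:163 BSSID:02:00:00:00:00:aa",
    "wms[3514]: <126087> <WARN> |wms| |ids| Block ACK DoS Attack: Victim:02:00:00:00:00:01 "
    "TID:0 Retry:1 Dir:2 StartSq:2 FrameSq:4094 EndSq:65 BSSID:02:00:00:00:00:aa",
]

EVENT_RE = re.compile(
    r"<126087>.*?Victim:(?P<victim>[0-9a-fA-F:]{17}) TID:(?P<tid>\d+) Retry:(?P<retry>\d+)"
    r" Dir:\d+ StartSq:(?P<start>\d+) FrameSq:(?P<frame>\d+) EndSq:(?P<end>\d+)"
)

def in_window(start, frame, end):
    """True if frame lies in [start, end] when counting forward modulo 4096."""
    return (frame - start) % SEQ_MOD <= (end - start) % SEQ_MOD

def triage(line, near=NEAR_MISS):
    """Parse one 126087 event and grade how far FrameSq is from the window."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    start, frame, end = (int(m[k]) for k in ("start", "frame", "end"))
    behind = (start - frame) % SEQ_MOD  # distance the frame trails StartSq
    ahead = (frame - end) % SEQ_MOD     # distance the frame leads EndSq
    if in_window(start, frame, end):
        verdict = "inside-window"
    elif min(behind, ahead) <= near:
        verdict = "near-miss"
    else:
        verdict = "far-outside"
    return {"victim": m["victim"], "retry": int(m["retry"]),
            "behind": behind, "ahead": ahead, "verdict": verdict}

def summarize(lines):
    """Count verdicts per victim MAC so repeated far-outside hits stand out."""
    counts = Counter()
    for event in filter(None, map(triage, lines)):
        counts[(event["victim"], event["verdict"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
```

For the event in the thread, FrameSq 19 trails StartSq 24 by five, so it grades as a near-miss; a steady count of far-outside events against one victim is the pattern to review before disabling the check.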
New Contributor

Re: Interfering AP how disable it function on controller 7220?

We have just tried all the commands which were in the below link, but these logs are still coming. Is there another solution to resolve it? Maybe something else in the settings is present?

This is one more error which comes after the DoS attack:

wms[3514]: <126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 04:f0:21:11:0c:4d and SSID Bakubus on CHANNEL 2) as rogue. Additional Info: Detector-AP-Name:94:b4:0f:c2:24:d8; Detector-AP-MAC:94:b4:0f:a2:4d:80; Detector-AP-Radio:2.

Guru Elite

Re: Interfering AP how disable it function on controller 7220?

I don't know about a DOS attack.

 

Type "show wms rogue-ap 04:f0:21:11:0c:4d" to see why the controller thinks Bakubus is a rogue AP.


New Contributor

Re: Interfering AP how disable it function on controller 7220?

Could you please help me with this info? I could not understand what happens in the controller if Type shows generic-ap but Status is down. How can I disable detecting other networks?

 

Rogue AP Info
-------------
Key           Value
---           -----
BSSID         04:f0:21:11:0c:4d
SSID          Bakubus
Channel       2
Type          generic-ap
RAP Type      rogue
Status        down
Match Type    Classification-Disabled
Match MAC     00:00:00:00:00:00
Match IP      0.0.0.0
Match AM      94:b4:0f:c2:24:d8
Match Method  N/A
Match Time    Thu Jun 27 15:50:53 2019

Re: Interfering AP how disable it function on controller 7220?

This is just indicating you have a rogue (an AP on the same network as your other APs that is not managed by the Aruba system). Not sure you can turn it off, but if you know it's yours and is approved, you can mark that BSSID as 'valid'


Jerrod Howard
Distinguished Technologist, TME
New Contributor

Re: Interfering AP how disable it function on controller 7220?

This SSID isn't our SSID and I want to turn off detection. But I have turned off IDS and the HotSpot 2.0 function and the issue continued. Also, I have removed the rogue mark.
