Wireless Access

Dear Colleagues,

Please help us with the problem which occured in our companie's controller. When we review log there appere erorr like this: wms[3514]: <126087> <WARN> |wms| |ids| AP(94:b4:0f:a2:53:60@94:b4:0f:c2:25:36): Block ACK DoS Attack: An AP detected a data frame which indicates a possible Block ACK DoS Attack. The frame from 88:d7:f6:b4:6d:de to 00:00:5e:00:01:29 (BSSID 94:b4:0f:a2:53:61 on CHANNEL 1 with SNR 40) is outside the current sequence number window, and thus may be dropped. Additional Info: Victim:88:d7:f6:b4:6d:de TID:0 Retry:0 Dir:2 StartSq:24 FrameSq:19 EndSq:87 BSSID:94:b4:0f:a2:53:61 . Associated WVE ID(s): WVE-2008-0006.

After we start search this warn and in this form we have found that interfering AP function has been enabled, how we could resolve this issue, please help

Block ACK DOS attack can have  false positives and I would disable it in the IDS DOS profile because it can fill up your logs needlessly.  https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/1commandlist/ids_dos_profile.htm?Highlight=block%20ack%20dos

We have just tried to use all commands which were in below link, but this logs are coming now again, if there other solution for resolve it, may be something else in the settings are presented?

This is one more error which come after DoS attack

wms[3514]: <126002> <ERRS> |wms| |ids| Rogue AP: The system classified an access point(BSSID 04:f0:21:11:0c:4d and SSID Bakubus on CHANNEL 2) as rogue. Additional Info: Detector-AP-Name:94:b4:0f:c2:24:d8; Detector-AP-MAC:94:b4:0f:a2:4d:80; Detector-AP-Radio:2.

I don't know about a DOS attack.

Type "show wms rogue-ap 04:f0:21:11:0c:4d" to see why the controller thinks Bakubus is a rogue AP.

Could you help me please with this info, because I could not undestand what happens in controller if Type show me generic-ap but status down, how i can disabled detecting other networks?

Rogue AP Info
-------------
Key Value
--- -----
BSSID 04:f0:21:11:0c:4d
SSID Bakubus
Channel 2
Type generic-ap
RAP Type rogue
Status down
Match Type Classification-Disabled
Match MAC 00:00:00:00:00:00
Match IP 0.0.0.0
Match AM 94:b4:0f:c2:24:d8
Match Method N/A
Match Time Thu Jun 27 15:50:53 2019

This is just indicating you have a rogue (an AP on the same network as your other APs that is not managed by the Aruba system). Not sure you can turn it off, but if you know it's yours and is approved, you can mark that BSSID as 'valid'

This is SSID isn't our SSID and I want to turn off detection. But I have turn off IDS and HotSpot 2.0 function and issue was continiue. Also I have demark rogue mark.