Wireless Access

Occasional Contributor I

Power Save DoS Attack spam



I am looking for help to lower the massive amount of "Power Save DoS Attack" alerts I get in Airwave from my Aruba 7210 controllers.


The controllers are running AoS


I read about the ability to change values on the Power Save IDS Event, or to turn it off completely.

But I don't see these options on my controllers (working in CLI mode).


Does anyone know how to turn this off?

MVP Expert

Re: Power Save DoS Attack spam

You can disable that WIDS signature. It's HIGHLY prone to false positives and is not really a viable WIDS signature to enable anymore. You can find the settings in the CLI guide if you are working from the CLI.

Jerrod Howard
Distinguished Technologist, TME
Occasional Contributor I

Re: Power Save DoS Attack spam

Thank you for the reply.


According to the guide, I should be able to write the command "ids dos-profile <profile-name>"


But on my controller, working in CLI mode, I don't have this option.

The only available commands to me are:


(Controller) (config) #ids ?
general-profile         Configure an IDS General Profile
profile                 Configure an IDS Profile
rap-wml-server-profile  Configure an IDS RAP WML Server Profile
rap-wml-table-profile   Configure an IDS RAP WML Table Profile
unauthorized-device-p.. Configure an IDS Unauthorized Device Profile
wms-general-profile     Configure the IDS WMS General Profile
wms-local-system-prof.. Configure the IDS WMS Local System Profile



Is there a feature I need to enable or something in order to get the "dos-profile"?

Occasional Contributor II

Re: Power Save DoS Attack spam

I found the following article about the issue dating back a couple of years. I tried to duplicate some of the settings, but it did not resolve the issue.
How to mitigate frequently seen Power Save DoS Attack


To display the currently configured settings I found this command worked for me.

show ids dos-profile default | include Power
Occasional Contributor II

Re: Power Save DoS Attack spam

Also, the following settings did not alleviate the excessive notifications in the IDS. In a few days I have over 2000 entries. Our deployment is not excessively large. These are on a 7030 with AP305s.


(Ctlr-1) #show ids dos-profile default | include Power
Detect Power Save DoS Attack                      true
Power Save DoS Detection Quiet Time               900 sec
Power Save DoS Detection Threshold                80 %
Power Save DoS Detection Minimum Frames           700

