Wireless Access

Regular Contributor II

"Power Save DoS Attack..." since upgrade

What is the impact of of these errors being reported, noticeably, since we upgraded to form 


Power Save DoS Attack: An AP detected
a Power Save DoS attack on client


Also, grabbed these from a recently reported client with poor connectivity...


Disconnect Station Attack: An AP
detected a disconnect attack of client 


and loads of these with it too...


Sep 7 09:37:27 2015 ARUBA-LOCAL authmgr[3703]: <132093> <ERRS>
<ARUBA-LOCAL > WPA2 Key message 2 from Station AP-04 did not match the replay
counter 05 vs 07


We have been getting reports of client not conecting, and Ive seen some very strange behaviour were clients are seeing good signal strength, but just wont joint the ssid....


I have seen mention of this within the form, and advice to adjust one of the thresholds, as this  issue can be caused by over aggressing power saving clients.  But given that the only thing we have changed int he last 2 weeks is upgrading the controller, this links to when users say they have been seeing these issues, so I wonder if its a change in the threshold or a new feature, that didnt exist before...


Could this explain the connectivity issue we are seeing with clients?

Guru Elite

Re: "Power Save DoS Attack..." since upgrade

Yes and no.  A power save DOS attack is not necessarily common and in this situation, it could probably be a false positive.  The replay message is common in areas with poor RF, however.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Regular Contributor II

Re: "Power Save DoS Attack..." since upgrade

I was hoping DoS may have been the reason why there seems to be lots of clients having issues, and also could expain some of the strange behaviour I have seen. 


The explanation I had found of the error indicated that modern clients can be more aggressive when it comes to power saving, so the controller is seeing lots of diconnects/reconnects, so I assumed it may have been de-authing the clinet, or some other mechanism to block it from connecting. 


There was a group of 4 laptops in the same area, all reporting excellent coverage, yet none of them would connect to the ssid, yet my laptop was fine.  No vlan, lease pool.. or other issues I could think of that could cause this issue, and not something I heard of or seen before we upgraded to .17.


Ive also now turned off Client Match, in accordance witht he notes tagged to the .17 download page, which were not there when I was told to upgrade to it.....





Search Airheads
Showing results for 
Search instead for 
Did you mean: