IdentiFi Controller f/w detects Local Authorized APs/BSSIDs as Spoofed

  • 0
  • 1
  • Article
  • Updated 4 years ago
  • (Edited)
Article ID: 15064 

C20, C25, C4110, C5110, C5210, V2110; firmware,
IdentiFi (formerly Enterasys, HiPath) Wireless Controller 

Some known BSSIDs are marked as Spoofed, Internal Honeypot, or Rogue.
In some cases the radios of the threat-designated Access Point (AP) are disabled. 

Several variations of this issue can yield largely the same symptoms. 

Upgrade to firmware or higher. 
Release notes state, in the 'Changes in' section:
wns0008416    Corrects an issue that could result in a false positive event whereby an authorized AP is mis-classified as a threat.

Pre-upgrade workaround: 

  1. Identify the false threat items in the Active Threats Report.
  2. Add them to the friendly list.
  3. Go to the Radar->Maintenance->Friendly page and make them Authorized.
  4. Check on the Radar->Maintenance->Authorized page that the BSSIDs/MACs are there.
Photo of FAQ User

FAQ User, Official Rep

  • 13,590 Points 10k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.