IdentiFi Controller f/w 8.21.05.0005 detects Local Authorized APs/BSSIDs as Spoofed

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 15064 

Products
C20, C25, C4110, C5110, C5210, V2110; firmware 8.21.05.0005, 8.21.06.0006
IdentiFi (formerly Enterasys, HiPath) Wireless Controller 

Symptoms
Some known BSSIDs are marked as Spoofed, Internal Honeypot, or Rogue.
In some cases the radios of the threat-designated Access Point (AP) are disabled. 

Cause
Several variations of this issue can yield largely the same symptoms. 

Solution/Workaround
Upgrade to firmware 8.21.07.0006 or higher. 
Release notes state, in the 'Changes in 8.21.07.0006' section:
wns0008416    Corrects an issue that could result in a false positive event whereby an authorized AP is mis-classified as a threat.

Pre-upgrade workaround: 

  1. Identify the false threat items in the Active Threats Report.
  2. Add them to the friendly list.
  3. Go to the Radar->Maintenance->Friendly page and make them Authorized.
  4. Check on the Radar->Maintenance->Authorized page that the BSSIDs/MACs are there.
Photo of FAQ User

FAQ User, Official Rep

  • 13,610 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.