Header Only - DO NOT REMOVE - Extreme Networks

IdentiFi Controller f/w 8.21.05.0005 detects Local Authorized APs/BSSIDs as Spoofed


Userlevel 3
Article ID: 15064

Products
C20, C25, C4110, C5110, C5210, V2110; firmware 8.21.05.0005, 8.21.06.0006
IdentiFi (formerly Enterasys, HiPath) Wireless Controller

Symptoms
Some known BSSIDs are marked as Spoofed, Internal Honeypot, or Rogue.
In some cases the radios of the threat-designated Access Point (AP) are disabled.

Cause
Several variations of this issue can yield largely the same symptoms.

Solution/Workaround
Upgrade to firmware 8.21.07.0006 or higher.
Release notes state, in the 'Changes in 8.21.07.0006' section:
code:

wns0008416

code:

Corrects an issue that could result in a false positive event whereby an authorized AP is mis-classified as a threat.



Pre-upgrade workaround:
    Identify the false threat items in the Active Threats Report.
  1. Add them to the friendly list.
  2. Go to the Radar->Maintenance->Friendly page and make them Authorized.
  3. Check on the Radar->Maintenance->Authorized page that the BSSIDs/MACs are there.

0 replies

Be the first to reply!

Reply