AP7522, Unable to work out an Error Code that im receiving

Use 3 WiNG Access Points in a Warehouse with 1 being the controller for the other two.

Receiving an Error Code on our Greylog:

ZEBRA-03 %DATAPLANE-4-DOSATTACK: BAD_PACKET: Bcast/Mcast ICMP not allowed : Src IP :, Dst IP:, Src Mac: B0-7F-B9-41-A5-38, Dst Mac: 01-00-5E-00-00-01, ICMP type = 9, ICMP code = 0, Proto = 1.

Cannot Work out what the issue is and how to fix it, Error Messages come in ever couple of seconds.

Also when looking at the Access Points Event History i get:
Client Assosiated to wlan ssid on radio....
Client Disassociated from wlan dot11i 4way handshake timeout
Client failed handshake on wlan.

Not sure if the these two issues relate or if two different issues, I've tried to change handshake timeout and it stopped the Client Assosiated Issue for a few minutes before coming back but the Greylog Error Code continued.

If someone knows how to sort these issues please help.

3 replies

Userlevel 3

The DOS firewall is aggressive in flagging questionable date.

please follow Best Pratices -

Important - please do not disable the firewall itself.

As far as the 4 way handshake, if increasing the TIMEOUTS and retries does not fix the problem, you may need to open a case with GTAC
Userlevel 4
DOS attack error states that you have multicast ICMP packet in you network coming from B0-7F-B9 OUI which is Netgear. WiNG firewall flags it and drops it. This has nothing to do with handshake timeout on wireless clients that you see. That can be a result of bad coverage or something else.
Thank you I will have a look at the Best Practices,

I'll have another go at changing the 4 way hanshake Timouts and Retries maybe I did something wrong.

Alona - Thanks for clarifying that the two issues are not related on the other hand means i have 2 issues and not 1 haha.