Cisco :: 4402 Light Weight APs Drop Out After Land Attack
Sep 12, 2012
We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected. The firewall then limits traffic from the WLAN (outside access list) to certain internal systems. I have noticed that every so often the firewall logs show continuous "Land attack from 0.0.0.0 0.0.0.0" messages, then all APs are disconnected (all lights flash).
Mar 27, 2011
We are continuously getting logs created as below on the ASA 5510. I suspect something is going wrong (like the system is getting compromised?).
Note: I have changed the actual public IP to 1.1.1.1 for security reasons.
Log:
Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:20 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 18 21:46:21 124.153.100.44 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1
Mar 21, 2013
We are getting the below logs in our syslog. How could I stop this? "%ASA-2-106017: Deny IP due to Land Attack from 161.233.167.65 to 161.233.167.65"
Apr 15, 2013
I try to launch a LAND attack against my firewall, an ASA 5520. Everything works fine. But why? I think it should not work. I use a little tool where I can use a spoofed address, with a cluster shell, and attack the firewall interface with the source of 127.0.0.1 or the IP address of the interface as the source and destination. Then I get a CPU load of 89% with only two hosts. With iptables I can use kernel processes to prevent this. But I don't find anything for ASA.
Feb 11, 2013
At present, we have two WLCs (5508). There are a total of 84 LAPs (1242AG). One controller is configured as the master controller, to which all our APs associate. It's currently running software version 7.0.116.0 and some of our BYODs using Windows 8 are unable to connect to the wireless. The fix for this is to upgrade the software of the WLC so that the LAPs can obtain the update to solve this problem. Simple! However, before rolling this out into the production wireless network, I would like to test it out on our second WLC which has no LAP associations, a test WLAN configured, and a newer software image loaded (7.4.100.0). I have a spare LAP that was previously associated with the master controller running the same software version (7.0.116.0). What I'm looking to do is associate this LAP to the 2nd WLC instead of the master so that I can ensure that the LAP gets the newest software. Then, I would like to test a Windows 8 device to make sure it connects. So far, I have done the following:
1. Disabled the 1st WLC from using Master Controller Mode and rebooted AP - result was unsuccessful; still associated to 1st WLC.
2. Reset LAP configuration excluding static IP info and reset AP - result was unsuccessful; still associated to 1st WLC.
3. Compared config for both WLC but since I'm new to these devices, I'm not sure what needs to be configured/changed.
Nov 3, 2011
I have been installing lightweight APs and these make LMS device discovery take much longer because they are found via CDP but do not run SNMP. So you suffer the SNMP retry and wait time for each one, which adds up with several hundred APs. I added the CDP platform description they announce via CDP to system-config.xml but this didn't do the trick. I have updated system-config.xml successfully in the past to add ATAs and 7936 conference phones and this stopped discovery from processing these devices. So I was surprised when this didn't work for LW APs. The CDP platform of the APs looks like this (from show cdp n):
Platform: cisco AIR-CAP3502E-A-K9 , Capabilities: Trans-Bridge
So you can see cisco is all lower case and there appear to be spaces at the end before the comma. I thought the spaces might be the problem so I added them in system-config.xml but this didn't work. When I display system-config.xml with the XML editor in IE it does not show spaces at the end even though they are there when I look at the file with Notepad. When I enable debug for discovery it shows these being added to the bypass table for CDP discovery but it still tries to process them. This is LMS 3.2 on Windows Server 2003. I use the CDP module for discovery.
May 29, 2012
Recently, our company's wireless AP 1262 has had more than 40+ clients connected, and sometimes the wireless access speed is too slow. Those clients are only for MES data transfer; the data is no more than 10K for each station. So I'd like to know if one AP can support the network traffic if all the testers transfer their data to the database via this wireless AP 1262. Also, the WLC has no client roaming option by which clients can connect to another AP nearby. I have checked the WLC and AP configuration. There is no option for clients roaming to other APs. Do you know how to configure this AP's clients to move to other APs? If we set up new APs in the location, will the clients automatically connect to the new AP?
Sep 4, 2012
I have configured a Cisco LAP 1242AG with a static IP. I have connected the LAP to the WLC. I am able to ping the WLC management interface IP address from the LAP's console. The LAP fails to join the WLC with the error "Could not resolve CISCO-SAPWAP-CONTROLLER".
Jan 17, 2013
Is the process for converting 1260 APs to lightweight mode any different from converting 1140s or 1250s? I've converted several APs to LWAP mode but this is my first 1260. Four 1260s need to be converted. I have one in a remote location that seems to be comatose. Here are the steps I took to convert the AP. Did I skip/miss a step?
1. uploaded code to the AP ap3g1-rcvk9w8-tar.152-2.JB.tar
2. configured the AP for DHCP. It successfully leased a DHCP address. Controller information is provided via DHCP Option 43.
3. saved the configuration
4. verified the code, successful
5. disabled wireless radios
6. installed the lightweight code using the command archive download-sw /safe flash:/ap3g1-rcvk9w8-tar.152-2.JB.tar. The installation was successful
7. rebooted the AP
After that, nothing. The AP has not leased another IP address. The switchport is active. The AP's MAC address is registering in the switch's MAC address table. The AP is receiving PoE from the switch. I noticed that this AP is only receiving 6.2W of power where the three are getting anywhere between 8.8W and 9.3W. I am unable to ping the old static IP of the AP too.
Jan 15, 2013
I have an 1131 LWAPP at home, and I was wondering if I can convert it to autonomous. I read in the documentation that the only way is to use it with a controller. Can I convert it without connecting to a WLC?
Mar 19, 2012
I have a 1042 lightweight AP and I want to convert it to autonomous mode. I can't find any particular image for this conversion. When I try to find an autonomous image for the 1040 it shows "c1140-k9w7-tar.124-25d.JA1.tar". Can I use this image?
Jan 11, 2012
One of my customers asked me to configure a WLC 2106 and 2 LAP 1131AG (lightweight) for corporate/guest WiFi. Basically they want to implement a good WiFi connection for internal use and a guest one with different QoS. The two LANs should both have DHCP but they must be kept segregated so that no one from the guest WiFi can access corporate resources.
Since I've never configured a WLC from scratch, I lightly supposed it would be quite straightforward, like routers and switches from Cisco. Unfortunately I was totally wrong.
I've downloaded the "Cisco Wireless LAN Controller Configuration Guide" (Soft. Release 6.0 June 2009) and after I read it I made up this workflow for the configurations:
1) Configure Controller: (via serial)
- Set Management Interface parameters (IP- SM - Def GW - Dhcp server IP)
- Set Ap-Manager Interface parameters
- Virtual Interface parameters
- Set Admin Credentials
- Dhcp Configuration (internal and/or external)
2) Ap registration on the controller
- Configure vlan with dhcp request redirection to the dhcp server
3) Configure Wlan following customer's requests.
- Configure Wlan Auth for Corporate/Guest Wifi
- Configure QoS for both Wlans
Unfortunately I'm experiencing issues while trying to join the AP to the WLC. It appears that the IT guy of my customer tried to configure one of the APs. In that AP's flash I find files referring to a "mesh" configuration like: [code]
Feb 21, 2013
When I tried to download software for WLC44xx, I noticed both mesh and standard software releases. Do I need to keep a separate controller for mesh APs?
Can a WLC with standard software not handle mesh APs?
Apr 30, 2012
My 1042 series access point in lightweight mode reloads itself every time it is booting; sometimes it boots successfully.
Jun 26, 2012
I can't make Skype calls to any land line or cell phone anymore. I think my ISP has blocked it. Is it possible that an ISP can block any internet calling?
Jul 22, 2011
I previously asked if I should be concerned that the Internet light on my Linksys E3000 router doesn't light up when I have Internet access. Well recently I had to do a reset and I noticed that during the reset it does in fact light up, but it doesn't come on when the router is done with the reset!
Mar 2, 2011
I am trying to light up every port light on a 3750g. There is not anything plugged into them and I would like to know (just for fun) is there a way to make every port light 1 - 48 turn on using a command?
Feb 12, 2013
I manage a CISCO 4404 WLC with about 46 access points across our WAN. The system works very well, serving trusted users, guests etc. However, over the last month or two we have had an issue where we have had high load on our WAN. We have traced this down to the CISCO 4404: about 3-4 times a day, the controller connects to every access point and transmits about 5-8mb of data on port 5427. This in itself would not be a problem, but it connects to all 46 at the same time.
Jun 29, 2012
I am wondering how to change my internet IP address as someone is DDOS attacking me on a daily basis. I have tried all the ipconfig stuff, and unplugged my modem for an hour. Not sure what to do at this point. Plugging my PC directly to the modem changes my IP, but then when I plug my PC back into my router, it changes back.
Mar 19, 2011
I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0(2). I am a Windows network admin who is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.
1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation
5. IOS and ASDM Backup
This option is currently DISABLED for all interfaces. I know what IP address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection. Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwidth cap I would like to put in place.
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.
How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
I am probably, at least, the third owner of this device and I do not have an account with Cisco, nor can my tiny (perhaps non-existent given the current economic state) IT budget afford any form of support or software licensing with them. My goal is to back up the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
I found a file transfer function within ASDM which allowed me to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit?
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?
Feb 2, 2012
Is there any way to block a DDOS attack? I don't know too much about DDOS attacks and how they work, but I think I understand a little bit of it. Is there no way to configure a firewall to detect rapid, spontaneous, continuous amounts of fragmented, random data coming from an IP address? Wouldn't the data coming in from a DDOS server be somewhat distinct from data that flows normally?
Jan 21, 2011
I'm on my 3rd Virgin Media 615 today. The last one arrived yesterday and I opened the box to find a rev D with old BIOS installed, throw hands in air and all that, and then proceeded to upgrade to 4.13, which I have found to be stable and work OK. The other two grew to have the wireless failure issue. I could moan here about VM but hey, there's no point, so I have come here for advice. After I found the last one's wireless going down, daily trips from the kids down to me to ask why the internet isn't working etc. etc., I started to investigate. I found the 4.13 and genned up a bit, looked at the 3rd party code and came back to D-Link's own code. Anyway, I have seen in the last few days hundreds of similar port scans. [code]
Now, is the router being a little sensitive to harmless software companies' scans to see if products are installed etc., or are they something to worry about? Now I know what's going on if it's the latter, and I don't think anyone's got in yet, but I would like to ban these IPs and to be honest I'm not sure of the best way. Also, I noted a UDP active session that's not a part of my subnet too, mine being a standard 192.168.0.* and the other being 192.168.4.*.
Apr 12, 2011
I have a Cisco ASA 5510. I am attacking my firewall using Nmap. I see the attack in the log, but I would like the firewall to send only an alarm of the attack by email. I have activated email with warnings and I received a great many emails.
I observed that the graph shows the attack, but not the IP of the attacker. Is it possible for the Cisco ASA to show the IP too? The log shows scanning with Nmap but it is not shunning the IP and not sending an alarm. How can I send an alarm? The graph does not show the IP; is it possible to show it?
Jan 6, 2012
Is the E1000 hw 2.1 with v2.1.02 susceptible to the WPS brute force attack like the E4200 is?
Oct 14, 2012
I study at the University of Ostrava and currently I am working on my master's thesis. Its content is the realization of a few attacks on a network. Now I am trying to implement an ICMP redirect attack using the Intercepter program. You can see a diagram of my network in the enclosed picture (Schema.jpg). Through the Intercepter program I generate ICMP redirect packets (ICMP type 5), which are successfully sent from PC Attacker, but these packets do not arrive at PC Victim and Wireshark shows me the message „Destination Unreachable (Host Unreachable).“ When I use a non-Cisco switch (for example: Edimax) or a hub instead of the Cisco switch, the ICMP redirect packets arrive at PC Victim and I can continue in the attack?
SW:
Switch is in the default setting
Cisco Catalyst 2960 IOS: c2960-lanbasek9-mz.122-50.SE3.bin
Router:
Set only IP address on FastEthernet interfaces
Cisco 2801 IOS: 2801-ipbasek9-mz 124.25f.bin
May 5, 2011
Currently in my office we have a TP-Link wireless router (WR1043N) and a D-Link 615 router. Below is my office's network organization.
Internet-->TPLinkRouter(192.168.2.0)-->DlinkRouter(192.168.0.0)
We want to host a demo website but we are afraid of our network being attacked. So we wish to implement a DMZ network to hide our internal network from outside. My question is: can I set up a DMZ network with the above capabilities by using home routers?
Sep 3, 2010
Can the Cisco ASA5510 or 5520 protect against DDoS attack and sync flood? I have a problem with this, so how can I protect against it? Sometimes I see in my log something like "sync flood" or "ddos to xxx.xxx.xxx.xxx", with a random IP address.
Feb 13, 2011
I'm using a DIR600 router. For a few days my router has shown smas port scan attack detected. How can I prevent this type of attack?
Sep 15, 2012
As per the CISCO QoS document URL, IOS from 12.2(13)T supports the drop command in a policy map. But our CISCO ASR 1013, which has IOS Version 15.2(1)S1, doesn't have the drop syntax. How can we drop a specific application using QoS on an ASR 1013 with IOS version 15.2 and higher? Can I allow a few users for a particular application (like P2P) and drop other users based on the user's source IP?
May 22, 2012
I have a basic query about troubleshooting an E1 link. Here I'm facing packet drops on the link and we are testing by providing local loop and remote loop from the CSU/DSU at the local point and at the remote point. I have tried a ping test while the loop is given at the local point and remote point, i.e. I have pinged my local serial interface IP address (e.g. 10.0.0.1 - local & 10.0.0.2 - remote). In remote loop I could see no errors and drops, and also the traffic on the interface output and input is the same (e.g. input rate 1000bps and output rate 1000bps). My query is: when I am pinging the local interface IP, does the ICMP packet travel to the loop point and come back to the same interface (like a boomerang)?
ICMP packet
->->->->->->->->->->->->->->->
R1 Local CSU/DSU | Remote CSU/DSU (remote loop given )
O-----------O------------------------------O |--------------------------------------O R2
<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-|
May 8, 2013
We've had Cisco 1252 APs running on PoE (3750E gives the port 20W of power) for well over 3 years with no problems. These have not been touched, moved or configured since they went in.
All of a sudden we're seeing these APs drop off the network and investigations reveal that they show as IEEE PD when you do a show power inline.
Some of these are slated to be replaced after the ports were changed, the cables replaced and port reset (also an old spare 1252 was inserted in to one of these ports and it came up fine, indicating an issue with these APs).
If it was one or two then maybe I could believe that the APs are at fault, but with so many (10 so far) I'm struggling to believe it. Could it be the code we are running on the switches? We are running 12.2(50)SE3.
Jul 18, 2011
My Cisco AnyConnect VPN clients are able to access all of my internal networks except for another site which has an IPsec site-to-site VPN. The Cisco ASA forwards the packets destined for this remote site to a Cisco router which NATs the source addresses (pool 10.17.252.0/24) to a 192.168.46.0 range. The remote network is 155.x.x.x, which I have included in my internal subnets object-group, and I added a route on the ASA to route it inside.
I have configured NAT so that it does not NAT anything from the anyconnect client range to the internal subnets. I am using version 8.3(2) and the NAT rule is:
nat (outside,inside) source static SSLPOOL SSLPOOL destination static INSIDE_NETS INSIDE_NETS
I still cannot connect to the remote side via the VPN; when I run this through packet-tracer, I get a failure on phase 6:
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Result:Drop reason: (acl-drop) Flow is denied by configured rule
I can't seem to work out what it is that is blocking it. The NAT rule above is rule 1, in case some other NAT rule is causing the issue.
Apr 2, 2012
I see that the WiFi on the SRP freezes. If I am connected via LAN, I can still surf the net, or connect to another access point on the network and surf. But the wireless devices connected to the SRP lose connectivity even though it shows that the WiFi connection is connected. I am running the latest firmware. This problem has started occurring only recently.