Cisco :: 4402 Light Weight APs Drop Out After Land Attack

Sep 12, 2012

We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected.The firewall then limits traffic from the WLAN (outside access list) to certain the internal systems.I have noticed that every so often the firewall logs show continuous "Land attack from" messages then all APs are disconnected (all lights flash).

View 2 Replies


Cisco Firewall :: 5510 - Deny IP Due To Land Attack

Mar 27, 2011

We are getting continuously log created as below in ASA 5510. I suspect something is going wrong (like system is getting compromised ? )
Note: I have changed the actually public IP to for some security cause.
Mar 18 21:46:19 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from to 18 21:46:19 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from to 18 21:46:20 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from to 18 21:46:21 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from to

View 3 Replies View Related

Cisco Firewall :: Land Attack Alerts ASA 5510

Mar 21, 2013

We are getting below logs in our Syslog, how could i stop this."%ASA-2-106017: Deny IP due to Land Attack from to "

View 1 Replies View Related

Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520

Apr 15, 2013

I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.

View 1 Replies View Related

Cisco :: Associating Light Weight AP To Specific WLC5508

Feb 11, 2013

At the present, we have two WLCs (5508).  There are a total of 84 LAPs (1242AG).  One controller is configured as the master controller in which all our APs associate to.  It's currently running software version and some of our BYODs using Windows 8 are unable to connect to the wireless.  The fix for this is to upgrade the software of the WLC so that the LAPs can obtain the update to solve this problem.  Simple!  However, before rolling this out into the production wireless network, I would like to test it out on our second WLC which has no LAP associations, a test WLAN configured, and a newer software image loaded (  I have a spare LAP that was previously associated with the master controller running the same software version (  What I'm looking to do is associate this LAP to the 2nd WLC instead of the master so that I can ensure that the LAP gets the newest software.  Then, I would like to test a Windows 8 device to make sure it connects.So far, I have done the following:
1. Disabled the 1st WLC from using Master Controller Mode and rebooted AP - result was unsuccessful; still associated to 1st WLC.

2. Reset LAP configuration excluding static IP info and reset AP - result was unsuccessful; still associated to 1st WLC.

3. Compared config for both WLC but since I'm new to these devices, I'm not sure what needs to be configured/changed.

View 4 Replies View Related

Cisco :: AIR-CAP3502E-A-K9 - How To Bypass Light Weight APs From LMS 3.2 Discovery

Nov 3, 2011

I have been installing Light Weight AP's and these make LMS device discovery take much longer because they are found via CDP but do not run SNMP. So you suffer the SNMP retry and wait time for each one which adds up with several hundred AP's. I added the CDP platform description they announce via CDP to system-config.xml but this didn't do the trick. I have updated system-config.xml successfully in the past to add ATA's and 7936 conference phones and this stopped discovery from processing these devices. So I was surprised when this didn't work for LW AP's. The CDP platform of the AP's looks like this (from show cdp n):
Platform: cisco AIR-CAP3502E-A-K9   ,  Capabilities: Trans-Bridge
So you can see cisco is all lower case and there appears to be spaces at the end before the comma. I thought the spaces might be the problem so I added them in system-config.xml but this didn't work. When I display system-config.xml with the XML editor in IE it does not show spaces at the end even though they are their when I look at the file with notepad. When I enable debug for discovery it shows these being added to the bypass table for CDP discovery but it still tries to process them. This is LMS 3.2 on Windows Server 2003. I use the CDP module for discovery.

View 6 Replies View Related

Cisco Wireless :: Clients Supported By Light Weight AP 1262?

May 29, 2012

Recently, our company wireless AP 1262 connected more than 40+ clients, and sometimes the wireless access speed is too slow.  those clients are only for MES data transfer, the date no more than 10K of each stations. So I'd like to know if the one AP can support the network traffic if whole testers transfer the data to Database via this wireless AP1262? and the WLC no clients roaming option for which clients can connect to another AP around. I have checked the WLC and AP configuration. no option for clients roaming to another APs, do you know how to configure this AP's Clients move to another APs?If we setup the new APs in the location, does the clients will be auto connect to this new AP?

View 7 Replies View Related

Cisco :: Light Weight Access Point 1242AG K9 Is Not Joining 2100

Sep 4, 2012

I have configued Cisco LAP 1242AG with statis IP.I have connected LAP to WLC.I am able to ping WLC management interface IP Address from LAP's console.LAP is failed to Join WLC with  error "Could not resolve CISCO-SAPWAP-CONTROLLER"

View 3 Replies View Related

Cisco Wireless :: Converting A 1260AP From Autonomous To Light Weight Mode

Jan 17, 2013

Is the process for converting 1260 APs to lightweight mode any different from converting 1140s or 1250s? I've converted several APs to LWAP mode but this is my first 1260.  Four 1260s need to be converted.I have one in a remote location that seems to be comatose. Here are the steps I took to convert the AP.  Did skip/miss a step?
1. uploaded code to the AP  ap3g1-rcvk9w8-tar.152-2.JB.tar
2. configured the AP for DHCP. It successfully leased a DHCP address. Controller information is provided via DHCP Option 43.
3. saved the configuration
4. verified the code, successful
5. disabled wireless radios
6. installed the lightweight code using the command archive download-sw /safe flash:/ap3g1-rcvk9w8-tar.152-2.JB.tar.The installation was successful
7. rebooted the AP
After that nothing. The AP has not leased another IP address. The switchport is active. The APs MAC address is registering in the switches MAC address table.  The AP is receiveing PoE from the switch. I noticed that this AP is only receiving 6.2W of power where the three are getting anywhere between 8.8W and 9.3W. I am unable to ping the old static IP of the AP too.

View 4 Replies View Related

Cisco Wireless :: 1131 Light Weight AP To Autonomous Conversion Without Controller

Jan 15, 2013

I do have 1131 LWAPP in home, i was wondering if i can convert to Autonomous . I read in the documentation, that only way is to use with controller. can i convert without connecting to WLC .

View 1 Replies View Related

Cisco Wireless :: 1042 - Convert Light Weight AP To Autonomous Mode?

Mar 19, 2012

I have 1042 Light weight AP and i want to convert it to Autonomous mode . i dont find any particular image for this conversion ..when i try to find autonomous image for 1040 its showing "c1140-k9w7-tar.124-25d.JA1.tar"........can i use this image ?...

View 1 Replies View Related

Cisco Wireless :: Configure WLC 2106 And LAP 1131AG (light Weight) For Corporate / Guest Wi-Fi

Jan 11, 2012

One of my customers asked me to configure a WLC 2106 and 2 LAP 1131AG (lightweight) for corporate/guest Wifi. Basically they want to implement a good wifi connection for internal use and a guest one with different QoS. The two lans should both have dhcp but they must bet kept segregated so that none from the Guest wifi can access corporate resources.
Since i've never configured a WLC from scrath i lightly supposed it would be quite straigh forward as routers and switches from Cisco.Unfortunately i was totally wrong.
I've downloaded the "Cisco Wireless LAN ControllerConfiguration Guide" (Soft.Release 6.0 June 2009) and after i red it i made up this workflow
for the configurations:
1) Configure Controller: (via serial)
- Set Management Interface parameters (IP- SM - Def GW - Dhcp server IP)
- Set Ap-Manager Interface  parameters
- Virtual Interface parameters
- Set Admin Credentials
- Dhcp Configuration (internal and/or external)

2) Ap registration on the controller
-  Configure vlan with dhcp request redirection to the dhcp server
3) Configure Wlan following customer's requests.
- Configure Wlan Auth for Corporate/Guest Wifi
- Configure QoS for both Wlans
Unfortunately i'm experiencing issue while trying joining the AP to the WLC.It appers that the IT guy of my customer tried to configure one of the Ap.In that Ap's flash i find files referring to a "mesh" configuration like: [code]

View 11 Replies View Related

Cisco Wireless :: WLC44xx To Support Both Light Weight And Mesh Access-points?

Feb 21, 2013

When I tried to download software for WLC44xx, I noticed both mesh and standard software releases. Do I need to keep seperate controller for mesh APs?.
WLC with standard sw can not handle mesh APs?

View 6 Replies View Related

Cisco Wireless :: Access Point 1042 Series In Light Weight Mode Reloads Itself

Apr 30, 2012

My access point 1042 series in light weight mode reloads itselft every time it booting, sometimes it boot succesfully.

View 2 Replies View Related

Can't Make Skype Calling On Any Land Line / Cell Phone Anymore

Jun 26, 2012

I can't make skype calling on any land line or cell phone anymore. I think I Isp have blocked it. Is it possible that any isp can block ant internet calling?

View 17 Replies View Related

Linksys Wireless Router :: Internet Light On E3000 Doesn't Light Up?

Jul 22, 2011

 I previously asked if I should be concerned that the Internet light on my Linksys E3000 router doesn't light up when I have Internet access. Well recently I had to do a reset and I noticed that during the reset it does in fact light up, but it doesn't come on when the router is done with the reset!

View 1 Replies View Related

Cisco WAN :: Light Up Every Port Light On 3750g?

Mar 2, 2011

I am trying to light up every port light on a 3750g.  There is not anything plugged into them and I would like to know (just for fun) is there a way to make every port light 1 - 48 turn on using a command?

View 3 Replies View Related

Cisco :: 4404WLC - Causing DOS Attack Several Times A Day

Feb 12, 2013

I manage a CISCO 4404 WLC with about 46 access points across our WAN. System works very well, serving trusted users, guests etc very well.However, over the last month or two we have had an issue where we have had high load on our WAN.We have traced this down to the CISCO 4404, about 3-4 times a day, the controller connects to every access point and transmits about 5-8mb of data on port 5427. This in itself would not be a problem, but it connects to all 46 at the same time.

View 13 Replies View Related

DDOS Attack - How To Change IP Address

Jun 29, 2012

I am wondering how to change my internet IP address as someone is DDOS attacking me on a daily basis. I have tried all the ipconfig stuff, and unplugged my modem for an hour. Not sure what to do at this point. Plugging my PC directly to the modem changes my IP, but then when I plug my PC back into my router, it changes back.

View 1 Replies View Related

Cisco Firewall :: PIX 525 Anti-Spoofing Attack Protection

Mar 19, 2011

I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.

1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation5. IOS and ASDM Backup
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.

How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit.
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?

View 1 Replies View Related

Home Network :: How To Block A DDOS Attack

Feb 2, 2012

Is there anyway to block a DDOS attack? I dont know to much about DDOS attacks and how they work, but i think i understand a little bit of it. Is there no way to configure a firewall to detect rapid, spontaneous,continuous amounts of fragmented, random data coming from an IP address? Wouldn't the data coming in from a DDOS server be somewhat distinct from data that flows normally

View 19 Replies View Related

D-Link DIR-615 :: Xmas Port Scan Attack From WAN

Jan 21, 2011

I'm on my 3rd Virgin media 615 today, the last one arrived yesterday and I opened the box to fine a rev d with old bios installed, throw hands in air and all that and then proceeded to upgrade to 4.13 which I have found to be stable and work ok, the other two grow to have the wireless failure issue, I could moan here about VM but hey there's no point so I have come here for adviseafter I found the last one wireless going down, daily trips from the kids down to me to ask why the internet isn't working etc etc I started to investigate, I found the 4.13 and gened up a bit, looked at the 3rd party code and came back to Dlinks own code, anyway I have seen in the last few days hundreds of similar port scans. [code]

Now is the the router being a little sensitive to harmless software companys scans to see if products installed etc or are they something to worry about now I know whats going on if its the latter, and I don't think anyones got in yet but I would like to ban these ip's and to be honest I'm not sure of the best way also I noted a UDP active session that not a part of my subnet too mine being a standard 192.168.0.*and the other being 192.168.4.*.

View 3 Replies View Related

Cisco Firewall :: ASA 5510 - Send Only Alarm Of Attack By Email

Apr 12, 2011

I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.

View 10 Replies View Related

Linksys Wireless Router :: E1000 V2.1 Susceptible To WPS Attack?

Jan 6, 2012

Is the E1000 hw 2.1  with v2.1.02 susceptible to the WPS brute force attack like the E4200 is?

View 5 Replies View Related

Cisco WAN :: 2801 IOS / Simulating ICMP Redirecting Attack On Laboratory Network

Oct 14, 2012

I study at University of Ostrava and currently I am working on my master thesis. Its content is realization of few attacks on network. Now I am trying to implement ICMP redirecting attack by using Intercepter program. Diagram of my netwok you can see on enclosed picture (Schema.jpg). Through Intercepter program I generate packets ICMP redirect (ICMP type 5), which are successfully sent from PC Attacker, but these packets do not arrive to PC Victim and Warshark shows me messages „ Destination Unreachable (Host Unrecheable).“ When I use instead of Cisco switch non Cisco switch (for example: Edimax) or hub, ICMP redirects packets arrive to PC Victim and I can continue in the attack?
Switch is in the defautl setting
Cisco Catalyst 2960 IOS: c2960-lanbasek9-mz.122-50.SE3.bin
Set only IP address on FastEthernet interfaces
Cisco 2801 IOS: 2801-ipbasek9-mz 124.25f.bin

View 11 Replies View Related

Routers / Switches :: Setup DMZ By Using Home Router To Prevent Attack?

May 5, 2011

Currently in my office have a TPlink wireless router (WR1043N), and Dlink 615 router.Below is my office's network organization.Internet-->TPLinkRouter(>DlinkRouter( want to host a demo website but we are afraid our network being attacked. So we wish to implement a DMZ network to hide our internal network from outside. My question is can i setup a dmz network with the above capabilities by using home routers?

View 5 Replies View Related

Cisco Firewall :: ASA5510 Or 5520 Can Protect DDos Attack And Sync Flood

Sep 3, 2010

Does Cisco ASA5510 or 5520 can protect DDos attack and sync flood ?I have problem on this, so how can i protect on this, some time i saw on my log like this"sync flood " or "ddos to" the ip address random .

View 7 Replies View Related

Routers / Switches :: How To Block Smas Port Scan Attack In Dir600

Feb 13, 2011

I m using DIR600 router. from few days my router shows smas port scan attack detected. then how to prevent this type of attack.

View 2 Replies View Related

Cisco :: To Drop Specific Application Using Qos In Asr

Sep 15, 2012

As per CISCO QoS document URL, IOS from 12.2(13)T support drop command in policy map. But our CISCO ASR 1013 having IOS of Version 15.2(1)S1 doesn't have drop syntax.How can we drop specific application using QoS in ASR 1013 of IOS version 15.2 and higher?,Can I allow few users for a particular application (like P2P) and drop other users based on users source IP?

View 2 Replies View Related

Cisco WAN :: Packet Drop In E1 Link?

May 22, 2012

I having a basic query in troubleshooting E1 link , here im facing packet drop in the link and we are testing by providing local loop and remote loop from the CSU/DSU at local point and at  remote point . I have tried  ping test while the loop is given at local point and remote point ie i have pinged my local serial interface IP address (eg -local  & -remote ) in Remote Loop  i could see no errors and drops and also the traffic on the interface output and input is the same(eg input rate 1000bps and output rate  1000bps) .My query is that when i am pinging the local interface IP does the icmp packet  travels till the loop point  and comes to the same interface(like a boomerang) .

ICMP packet
R1         Local CSU/DSU             |  Remote CSU/DSU (remote loop given )
O-----------O------------------------------O |--------------------------------------O R2

View 5 Replies View Related

Cisco :: 1252s And PoE - APs Drop Off Network

May 8, 2013

We've had Cisco 1252 APs running on PoE (3750E gives the port 20W of power) for well over 3 years with no problems. These have not been touched, moved or configured since they went in.
All of sudden we're seeing these APs drop off the network and investigations reveal that they show as IEEE PD when you do a show power inline.
Some of these are slated to be replaced after the ports were changed, the cables replaced and port reset (also an old spare 1252 was inserted in to one of these ports and it came up fine, indicating an issue with these APs).
If it was one or two then maybe I could believe that the APs are at fault, but with so many (10 so far) I'm struggling to believe it. Could it be the code we are running on the switches? We are running 12.2(50)SE3.

View 6 Replies View Related

Cisco VPN :: 8.3(2) / WEBVPN-SVC Action Drop

Jul 18, 2011

my Cisco anyconnect VPN clients  are able to access all of my internal networks accept to another site  which has a IPSEC VPN site-to-site. The Cisco ASA forwards the packets  destined to this remote site to a Cisco router which NATS the source  addresses (pool to a range. The remote  network is 155.x.x.x which I have included in my internal subnets  object-group and added a route on the ASA to route it inside.
I  have configured NAT so that it does not NAT anything from the  anyconnect client range to the internal subnets. I am using version  8.3(2) and the NAT rule is:
nat (outside,inside) source static SSLPOOL SSLPOOL destination static INSIDE_NETS INSIDE_NETS
I can still not connect to the remote side via the VPN; when I run this throught packet-tracer, I get a failure on phase 6:

Subtype: in
Result: DROP
Result:Drop reason: (acl-drop) Flow is denied by configured rule
I cant seem to work out what it is that is blocking it. The NAT rule above is rule 1 in case some other NAT rule is causing the issue..

View 1 Replies View Related

Cisco Routers :: SRP547W Wi-Fi Drop Out

Apr 2, 2012

i see that the wifi on the SRP Freezes. If i am connected via lan, i can still surf the net or connect to another access point on the network and surf. But the wiress devides connected to the SRP loose connectivity even though it shows that the wifi connection is connected. I am running on the latest firmware. this problem has started occcuring only recently

View 3 Replies View Related

Copyrights 2005-15, All rights reserved