Guest

Preview Tool

Cisco Bug: CSCur11060 - False positive on honeypot alert with multple SSIDs

Last Modified

May 30, 2018

Products (1)

  • Cisco Aironet 3700 Series Access Points

Known Affected Releases

8.0(100.0)

Description (partial)

Symptom:
The honeypot alert is triggered with multiple SSIDs in it, and one of which is the production SSID being monitored for honeypot.

Also, the "attacking" device was never in AP mode broadcasting the production SSID. Instead, it connects to production SSID as client only, then may set up MIFI with different SSID as AP later. The honeypot alert will be triggered later with both SSIDs in it.

Conditions:
SSID monitoring testing

Related Community Discussions

8.0MR3 Beta Availability
8.0.122.x Available - 8.0MR3 Beta 8.0MR3 (8.0.132.0) is now posted, the beta process is closed. Thanks for all the feedback! Resolved Caveats CSCtl96208 capwap ap hostname CLI returns "ERROR!!! Command is disabled." CSCtu45614 Spectrum Management Bit Should be set to 1 all the time CSCul07738 DPAA Tx/Rx stuck; reload due to ethernet interface receive failure CSCum86031 Roaming 5508 to 5760 applies wrong QOS policy on configuring aaa-overrid CSCun12965 Lightweight AP should not send jumbo frame by ...
Latest activity: Apr 01, 2016
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.