Guest

Preview Tool

Cisco Bug: CSCvt68068 - Cisco Wave 2 APs: Reports itself as a Threat and logs "AP Impersonation" alerts

Last Modified

Aug 31, 2020

Products (1)

  • Cisco Aironet 1850 Series Access Points

Known Affected Releases

8.10(121.0) 8.10(121.1) 8.10(122.0) 8.10(128.83) 8.9(4.42) ap-17.2.1.11

Description (partial)

Symptom:
AP reports itself as a Threat and logs "AP Impersonation" alerts/traps, but there is no impact other than excessive logs for a false positive.

In AireOS, we can see a trap like the following:
- Impersonation of AP with Base Radio MAC XX:XX:XX:XX:XX:XX using source address of XX:XX:XX:XX:XX:XX (one of its own BSSIDs) has been detected by the AP with MAC Address: XX:XX:XX:XX:XX:XX (itself) on its 802.11abgn radio whose slot ID is 0


In C9800 IOS XE controllers, the AP MAC address in the "Threat MAC address" column (GUI) is the same MAC address as the one in an "AP Impersonation" alert event or trap. The AP reported under Threat MAC address is the AP's own MAC address. It was verified that this AP is not classified as Rogue in the controller's output.

Conditions:
This was observed in both AireOS 8.10.121.0 and C9800 running 17.2.1.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.