Cisco Bug: CSCvt68068 - Cisco Wave 2 APs: Reports itself as a Threat and logs "AP Impersonation" alerts
Aug 31, 2020
- Cisco Aironet 1850 Series Access Points
Known Affected Releases
8.10(121.0) 8.10(121.1) 8.10(122.0) 8.10(128.83) 8.9(4.42) ap-18.104.22.168
Symptom: AP reports itself as a Threat and logs "AP Impersonation" alerts/traps, but there is no impact other than excessive logs for a false positive. In AireOS, we can see a trap like the following: - Impersonation of AP with Base Radio MAC XX:XX:XX:XX:XX:XX using source address of XX:XX:XX:XX:XX:XX (one of its own BSSIDs) has been detected by the AP with MAC Address: XX:XX:XX:XX:XX:XX (itself) on its 802.11abgn radio whose slot ID is 0 In C9800 IOS XE controllers, the AP MAC address in the "Threat MAC address" column (GUI) is the same MAC address as the one in an "AP Impersonation" alert event or trap. The AP reported under Threat MAC address is the AP's own MAC address. It was verified that this AP is not classified as Rogue in the controller's output. Conditions: This was observed in both AireOS 22.214.171.124 and C9800 running 17.2.1.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases