Filter
Top Products
1-53
FAQ and Troubleshooting Guide for the CiscoWorks Wireless LAN Solution Engine
OL-8376-01
Chapter 1 FAQs and Troubleshooting
Intrusion Detection System FAQs and Troubleshooting
–
First, a rogue is detected which has an RSSI value higher than the configured threshold. For
example, it has an RSSI value of -60dBm and the configured threshold is -80dBm.
–
Then, the rogue is not seen for a while, and the WLSE marks it for deletion. (Rogue APs that
are not heard from for a long time are candidates for deletion from the WLSE.)
Interference Detection
Q.
Are the Network-Wide > Interference Detection settings of -87dbm for 10% always the same, or
are they the optimal recommended values, or are they calculated depending on the environment?
Should they be left alone, or are there any recommendations?
A.
This is the default setting. If it is not adequate, you will need to experiment to find the proper setting
for your environment.
APs in Scanning-Only Mode
Q.
Why are the APs running in scanning-only mode having problems with sporadic connection loss and
image upgrade failure?
A.
In a heavy-load environment, APs running in scanning-only mode may face sporadic connection loss
and image upgrade failure. To resolve these problems, use the following configuration commands
to balance CPU time:
scheduler interval <100-xxx>
scheduler allocate <3000-xxx> <1000-xxx>
Many newer Cisco platforms use the command scheduler allocate instead of scheduler interval.
The scheduler allocate command takes two parameters: a period in microseconds for the system to
run with interrupts enabled, and a period in microseconds for the system to run with interrupts
masked. Please refer to the IOS documentation for more information about these commands.
Q.
Which WLSE IDS functions require dedicated scanning APs?
A.
Only the Unregistered Client function requires a scanning AP.
Intrusion Detection System Troubleshooting
This section contains the following information for troubleshooting the Intrusion Detection System:
• Q.I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP
(AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP
list. When I moved AP1 back to the friendly list, it was immediately (with in 40 seconds) moved
back to the rogue AP list.
• Q.What should I do when my system is overrun with rogue APs?
• Q.The SSID field in the Manage Rogues > Rogue AP List report is being displayed in hexagonal
format (for example, "\x00\x00\x00\x00\x00\x00\x00\x00\x00"). What causes this?
Q.
I configured the Friendly AP-to-Rogue AP no-observation period as 5 minutes, moved a rogue AP
(AP1) to the friendly list, and shut down its radio. After 5 minutes, AP1 was moved to the rogue AP
list. When I moved AP1 back to the friendly list, it was immediately (with in 40 seconds) moved
back to the rogue AP list.