Wi-Fi Cloud Events and Alerts
Applies To: Wi-Fi Cloud-managed Access Points (AP125, AP225W, AP325, AP327X, AP420)
To configure the notifications for these events and alerts in Discover, see Configure Alerts.
Security or WIPS Events and Alerts
Security or WIPS events and alerts are categorized based on the wireless security threats:
- Rogue AP
- Indeterminate AP active
- Offline: Rogue AP detected
- Banned AP active
- Rogue AP active
- Non-authorized AP operating on non-allowed channel
- Mis-configured AP
- Authorized AP in WDS mode
- Potentially Authorized AP active
- Mis-configured Authorized AP active
- Authorized AP operating on non-allowed channel
- Misbehaving Clients
- Offline: Authorized Client association with Rogue AP
- Offline: Authorized Client association with External AP
- Offline: Authorized Client association with Honeypot AP
- Offline: Unauthorized/Uncategorized Client association with Authorized AP
- Offline: Unauthorized/Uncategorized Client association with Rogue AP
- Offline: Soft AP detected
- Unauthorized Client connection to Authorized AP
- Client authenticating using non-compliant authentication type
- Banned Client active
- Authorized Client connection to Authorized Guest AP
- Authorized Client mis-association
- Client in Bridging/ICS configuration
- Rogue Client active
- Guest Client mis-association
- Unauthorized Client connection to Guest AP
- Soft Mobile Hotspot AP or Windows Virtual AP Active
- Ad hoc Network
- Offline: Authorized Client in Ad hoc connection
- Authorized Client participating in ad-hoc network
- Man-in-the-Middle
- Offline: Honeypot AP detected
- PS-Poll attack in progress
- Honeypot/Evil Twin active
- DoS
- RTS/CTS flood
- Offline: DoS attack detected
- Disassociation flood attack in progress
- Disassociation broadcast attack in progress
- Association flood attack in progress
- Association table overflow
- Deauthentication flood attack in progress
- Deauthentication broadcast attack in progress
- Authentication flood attack in progress
- EAPOL Logoff flood attack in progress
- EAPOL Start flood attack in progress
- Premature EAP Success attack in progress
- Premature EAP Failure attack in progress
- Fake AP detected
- Fake Client detected
- MAC Spoofing
- AP MAC Spoofing
- Client MAC Spoofing
- Prevention
- Access point reached maximum prevention capacity
- DoS Prevention
- AP needs to be prevented
- Client needs to be prevented
- Reconnaissance
- Excessive NULL probes detected
System Events and Alerts
System events and alerts refer to the health of the system and are categorized by Device or AP/Sensor, and Server.
- Device or AP/Sensor
- Authorized AP inactive
- Authorized AP disconnected from network
- New network detected
- Access Point with incompatible version detected
- Authentication failed for managed WiFi device
- Device operating in Failsafe mode
- Access Point firmware update failure count exceeded
- Access Point not reachable
- Tunnel endpoint switched
- EoGRE tunnel endpoint down
- RADIUS server not responding
- Authentication RADIUS server switched
- VAPs up for network profile
- VAPs down for network profile
- New device connected to server
- Device disconnected from server
- Device with old firmware version detected
- Device firmware update failed
- Device firmware version unavailable
- Access Point reboot
- Server
- Server started
- Server stopped
- High Availability server switch
- Database backup result
- Database restore result
- Automatic deletion done
- Data Sync link up
- Data Sync link down
- Database Sync lagging
- Device connection rejected; licensed limit reached.
Wi-Fi Alerts
- Client connection failure
- Baseline exceeded the threshold
- Average latency exceeded the threshold
- Number of associations on AP exceeded the threshold
- Number of associations on location exceeded the threshold
- Scheduled client connectivity test failed