List of Wi-Fi Cloud Events and Alerts

These sections describe the types of events and alerts that are tracked in Wi-Fi Cloud that can appear on the Events page in Manage or on the Monitor Alerts page in Discover.

To configure the notifications for these events and alerts, for Manage, see Configure Event Notifications. For Discover, see Configure Alerts.

Security or WIPS Events and Alerts

Security or WIPS events and alerts are categorized based on the wireless security threats:

  • Rogue AP
  • Indeterminate AP active
  • Offline:Rogue AP detected
  • Banned AP active
  • Rogue AP active
  • Non-authorized AP operating on non-allowed channel
  • Mis-configured AP
  • Authorized AP in WDS mode
  • Potentially Authorized AP active
  • Mis-configured Authorized AP active
  • Authorized AP operating on non-allowed channel
  • Misbehaving Clients
  • Offline:Authorized Client association with Rogue AP
  • Offline:Authorized Client association with External AP
  • Offline:Authorized Client association with Honeypot AP
  • Offline:Unauthorized/Uncategorized Client association with Authorized AP
  • Offline:Unauthorized/Uncategorized Client association with Rogue AP
  • Offline:Soft AP detected
  • Unauthorized Client connection to Authorized AP
  • Client authenticating using non-compliant authentication type
  • Banned Client active
  • Authorized Client connection to Authorized Guest AP
  • Authorized Client mis-association
  • Client in Bridging/ICS configuration
  • Rogue Client active
  • Guest Client mis-association
  • Unauthorized Client connection to Guest AP
  • Soft Mobile Hotspot AP or Windows Virtual AP Active
  • Ad hoc Network
  • Offline:Authorized Client in Ad hoc connection
  • Authorized Client participating in ad-hoc network
  • Man-in-the-Middle
  • Offline:Honeypot AP detected
  • PS-Poll attack in progress
  • Honeypot/Evil Twin active
  • DoS
  • RTS/CTS flood
  • Offline:DoS attack detected
  • Disassociation flood attack in progress
  • Disassociation broadcast attack in progress
  • Association flood attack in progress
  • Association table overflow
  • Deauthentication flood attack in progress
  • Deauthentication broadcast attack in progress
  • Authentication flood attack in progress
  • EAPOL Logoff flood attack in progress
  • EAPOL Start flood attack in progress
  • Premature EAP Success attack in progress
  • Premature EAP Failure attack in progress
  • Fake AP detected
  • Fake Client detected
  • MAC Spoofing
  • AP MAC Spoofing
  • Client MAC Spoofing
  • Prevention
  • Access point reached maximum prevention capacity
  • DoS Prevention
  • AP needs to be prevented
  • Client needs to be prevented
  • Reconnaissance
  • Excessive NULL probes detected

System Events and Alerts

System events and alerts refer to the health of the system and are categorized by Device or AP/Sensor, and Server.

  • Device or AP/Sensor
  • Authorized AP inactive
  • Authorized AP disconnected from network
  • New network detected
  • Access Point with incompatible version detected
  • Authentication failed for managed WiFi device
  • Device operating in Failsafe mode
  • Access Point firmware update failure count exceeded
  • Access Point not reachable
  • Tunnel endpoint switched
  • EoGRE tunnel endpoint down
  • RADIUS server not responding
  • Authentication RADIUS server switched
  • VAPs up for network profile
  • VAPs down for network profile
  • New device connected to server
  • Device disconnected from server
  • Device with old firmware version detected
  • Device firmware update failed
  • Device firmware version unavailable
  • Server
    • Automatic deletion done
    • Device connected rejected; license limit reached