Where having a problem on one of our AP's. Where getting a lot of e-mail with the message below. Does anyone now how to find the problem and eliminate it?
L2 DoS: interface wifi0(klant) station 54e4:3a**:****: receiving probe req frames exceed 1200 PPM Event Event Type:L2DoS Trap Type:Threshold Crossing Device ID:4018B****** Device Name:AP02 Time:08-27-2014 15:18:39 Message:[wifi]: L2 DoS: interface wifi0(klant) station 54e4:3a**:****: receiving probe req frames exceed 1200 PPM.
(The reason that you cannot use Wireshark under Windows is that WinPcap does not yet support NDIS 6.0 or later, required for a monitor mode capture. Occasionally, you need to update the driver installed or use a different adapter if monitor mode is not supported.)
By performing a lookup of the OUI of the device from the MAC address, you should be able to determine the vendor.
Then, you will want to attempt to locate that device around the access point. (Various tools do exist to help you to triangulate, but that is outside the scope of this brief answer.)
Once you have located the naughty device, the usual first port of call is to ensure the software on it is up-to-date, or wireless drivers, as applicable.
So it's going to be a Mac or iDevice, I suspect running out-of-date software.
There's not much you can do if it's not one of your company's devices. More then likely, it's probably a users personal cell.
If I remember correctly, if you have the hive manager appliance you can change the thresholds, but if your on hive manager online, you can't. But then again, I was looking into this about a year and half ago so I could be wrong.
I get these all the time on my wireless network. It's always a device that 's not part of our network.
The trick is getting a good location and being proactive in asking if you need to.