Yes, substantial interference will cause this, even on 5GHz. It could be noise at the AP, but only if all stations having high CCQs. If not, the CPEs are seeing another signal that either has very high signal or is on a near or overlapping frequency.
On Tue, Mar 8, 2016 at 12:53 PM, George Skorup <[email protected]> wrote: > Rory, I think you're seeing somewhat normal operation from the UBNT > radios. The AP heard nothing from that CPE in a while so it tore down the > session. CPE still thinks it's registered. AP says nope. Could be > interference. We saw this all the time in the 2.4 band w/ UBNT radios. > > > On 3/8/2016 9:03 AM, Rory Conaway wrote: > > I haven’t seen one on a Ubiquiti AP which is why I asked but when I get > back in town next week, I’m going to set it up so I can see how it works. > Our Xirrus radios have that feature. > > > > Rory > > > > *From:* Af [mailto:[email protected] <[email protected]>] *On > Behalf Of *Mike Hammett > *Sent:* Tuesday, March 08, 2016 6:02 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] I might be under attack by a competitor > > > > When a deauth is happening, the laptop doing the deauth impersonates the > AP, telling the client to disconnect. What I see below doesn't look like a > deauth attack. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/ICSIL>[image: > http://www.ics-il.com/images/googleicon.png] > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[image: > http://www.ics-il.com/images/linkedinicon.png] > <https://www.linkedin.com/company/intelligent-computing-solutions>[image: > http://www.ics-il.com/images/twittericon.png] <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/mdwestix>[image: > http://www.ics-il.com/images/linkedinicon.png] > <https://www.linkedin.com/company/midwest-internet-exchange>[image: > http://www.ics-il.com/images/twittericon.png] > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/thebrotherswisp>[image: > http://www.ics-il.com/images/youtubeicon.png] > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > > *From: *"timothy steele" <[email protected]> > *To: *[email protected] > *Sent: *Tuesday, March 8, 2016 6:28:42 AM > *Subject: *Re: [AFMUG] I might be under attack by a competitor > > 04:18:d6:e4:c0:15 Is a ubnt Mac sure you don't own that Mac? In the client > list you should see it pop up now and then maybe pop up a fake ap with same > said with passphrase ubnt should connect then you can get into the network > of who ever is doing it > > > > On Tue, Mar 8, 2016, 7:14 AM Gino Villarini < <[email protected]> > [email protected]> wrote: > > are you running 802.11n or airmax? > > > > On Tue, Mar 8, 2016 at 1:44 AM, Rory Conaway < <[email protected]> > [email protected]> wrote: > > I’m almost done doing that. This should be interesting. > > > > Rory > > > > *From:* Af [mailto: <[email protected]>[email protected]] *On > Behalf Of *Jaime Solorza > *Sent:* Monday, March 07, 2016 9:55 PM > *To:* Animal Farm < <[email protected]>[email protected]> > *Subject:* Re: [AFMUG] I might be under attack by a competitor > > > > Change your ssid and hide it... > > On Mar 7, 2016 9:05 PM, "Rory Conaway" < <[email protected]> > [email protected]> wrote: > > Received disassoc from 04:18:d6:e4:c0:15. Reason: Disassociated because > sending STA is leaving (or has left) BSS (8). > > Feb 13 07:17:43 wireless: ath0 STA-TRAFFIC-STAT mac=04:18:d6:e4:c0:15 > rx_packets=633675 rx_bytes=116857546 tx_packets=2225222 tx_bytes=3041234063 > > Feb 13 07:17:43 wireless: ath0 Expired node:04:18:D6:E4:C0:15 > > Feb 13 07:17:43 hostapd: ath0: STA 04:18:d6:e4:c0:15 IEEE 802.11: > disassociated > > Feb 13 07:17:43 wireless: ath0 Sending deauth to 04:18:d6:e4:c0:15. > Reason: Class 2 frame received from nonauthenticated STA ( > > > > *From:* Af [mailto: <[email protected]>[email protected]] *On > Behalf Of *Rory Conaway > *Sent:* Monday, March 07, 2016 9:03 PM > *To:* <[email protected]>[email protected] > *Subject:* [AFMUG] I might be under attack by a competitor > > > > I have a couple of customers off the same Ubiquiti Rocket 5 AP that have > been having an issue the last couple days with going offline for a short > time and then reconnecting and coming back online. I pull the logs on the > AP and see a bunch of handshaking and several of these. I’m pretty sure > this is what happens when an enterprise radio does Rogue Access Point > Suppression. Am I reading this right or is there something I’m not aware > of like a bad CPE that can cause this? > > > > Rory > > > > > > > > > > >
