Dos Attack AP 100

Question

Hi, 
 
 My enviroment, 
 
 XG125 HA 17.0.8 version 
 
 i&acute;ve some AP 100 configured by DHCP, for example 192.168.157.221 and XG LAN is 192.168.157.70. 
 
 At realtime console I can se events like this even no clients connected: 
 
 2018-07-05 07:10:29 DoS Attack Denied 0 lag0 192.168.157.221 192.168.157.70 8472 8472 UDP 0

Any ideas? 
 
 Regards

Ronak Sheth · Answer

Hello, 
 
 Looking at the logs it looks like you have configured some wireless network with Clint traffic as "Sepeeate Zone". If yes, then you will need to add a DoS bypass rule as following. 
 
 Src IP: * or AP IP if you have reserved the IP address on your DHCP server 
 Src Port: 8472 
 Dst IP: Primary XG IP (192.168.157.70) 
 Dst Port: 8472 
 Proto: UDP 
 
 This traffic is used to tunnel and separate traffic from your LAN interface. 
 
 Regards, Ronak.

Aditya Patel · Answer

Hi Edgar_Quintana , 
 You may check the ARP table for the device IP address and associated MAC address ,otherwise you may need to configure a different zone if you wish Isolation between Wired and Wireless Network. 
 DDOS attack is check when pass though the XG interfaces and unless you know the Port or function of the application usig that port , it is not recommended to bypass it.