The controller supports three active exploit alarms that serve as notifications of potential threats. They are enabled by default and therefore require no configuration on the controller.
- ASLEAP detection—The controller raises a trap event if an attacker launches a LEAP crack tool. The trap message is visible in the controller’s trap log.
- Fake access point detection—The controller tweaks the fake access point detection logic to avoid false access point alarms in high-density access point environments.
- Honeypot access point detection—The controller raises a trap event if a rogue access point is using managed SSIDs (WLANs configured on the controller). The trap message is visible in the controller’s trap log.