https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4145833#M966 <P>I'll rephrase the question...</P><P>&nbsp;</P><P>What is the recommended way to secure WLCs against SSH brute force attacks by blocking the bad actor's source address please? It's not enough that an account is locked out after x number of failed login attempts.&nbsp; We need to also block/blacklist any bad actor's source address dynamically &amp; autonomously after x number of failed login attempts.&nbsp;</P><P>&nbsp;</P><P>TIA,</P><P>Sam</P> Thu, 03 Sep 2020 14:41:59 GMT shammock 2020-09-03T14:41:59Z https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4144564#M963 <P>What is the recommended way to secure WLCs against management brute force attacks from the same source MAC or IP address please?&nbsp; Need an autonomous way to recognize multiple failed attempts from a bad actor who moves to another login when an account locks &amp; just continues to hammer away with credential brute force attack over SSH / WebGUI.&nbsp; Bad actor should be blocked without manual intervention.</P><P>&nbsp;</P><P>Thanks in advance,</P><P>Sam</P> Mon, 05 Jul 2021 19:27:55 GMT https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4144564#M963 shammock 2021-07-05T19:27:55Z https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4144661#M964 <P>From the same source and MAC address?&nbsp; Block the MAC address from joining the wireless network in the first place.</P> Tue, 01 Sep 2020 18:59:34 GMT https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4144661#M964 Leo Laohoo 2020-09-01T18:59:34Z https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4145833#M966 <P>I'll rephrase the question...</P><P>&nbsp;</P><P>What is the recommended way to secure WLCs against SSH brute force attacks by blocking the bad actor's source address please? It's not enough that an account is locked out after x number of failed login attempts.&nbsp; We need to also block/blacklist any bad actor's source address dynamically &amp; autonomously after x number of failed login attempts.&nbsp;</P><P>&nbsp;</P><P>TIA,</P><P>Sam</P> Thu, 03 Sep 2020 14:41:59 GMT https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4145833#M966 shammock 2020-09-03T14:41:59Z https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4145884#M968 <P>Hi Sam,</P><P>What is your network architecture?<SPAN>Do you have firewall?</SPAN></P><P>&nbsp;</P><P>Are you getting traps to your mail when someone blocked?</P><P>&nbsp;</P><P>Yan Bedia</P><P>&nbsp;</P> Thu, 03 Sep 2020 16:02:44 GMT https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4145884#M968 YanBedia49446 2020-09-03T16:02:44Z https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4147383#M969 <P>There isn't much built in for that. The primary way is to limit the SSH access to the IP addresses of the managing computers and block all others.</P> <P>The WLC will generate an snmp trap for every failed attempt (if I'm not mistaken) which you could process in your monitoring system.&nbsp;</P> Mon, 07 Sep 2020 15:37:16 GMT https://community.cisco.com/t5/wireless/securing-wireless-lan-controllers-against-management-credential/m-p/4147383#M969 patoberli 2020-09-07T15:37:16Z