Re: Security I have a 2504 wireless LAN controller

blaucournet · ‎06-13-2022

I have a main 2504 wireless LAN controller and a backup. I see that it is possible to configure security systems. Knowing nothing about it, I didn't touch anything. What security do you recommend to put in place?

Thanks

Mohammed al Baqari · ‎06-13-2022

Hi, this is a wide question but some important recommendations:

- Use CA signed certs
- Disable weak ciphers
- Limit access to HTTPS (no HTTP)
- Limit access to SSH (no telnet)
- Limit access to specific IP trusted IPs
- NTP sync is important
- You can go to disable cdp as well.

**** please remember to rate useful posts

blaucournet · ‎06-14-2022

I have PCs and wifi guns connected. Of course, there is a password for each WIFI access point and each 2504 wireless LAN controller. Do you have a website or documentation to properly configure the points you describe ?

Flavio Miranda · ‎06-13-2022

Hi

If you refer to clients security, the better solution is radius with certificates. Avoid PSK.

blaucournet · ‎06-14-2022

I see in Security, there is a "Radius" section. Does this mean there is a built-in Radius? If so do I need to configure this or install a Radius server?

Flavio Miranda · ‎06-14-2022

Yes, that´s correct. WLC supports Local EAP.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215026-local-eap-authentication-on-catalyst-980.html

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010101101.html

Jitendra Kumar · ‎06-13-2022

you can follow @Mohammed al Baqari statement with recommended options basics.

Further, you can create a separate SSID for guests without giving internal network access.

you can also integrate with Radius using the certificate for more security, you can also use a mac base authentication as well.

Thanks,

Jitendra

Thanks,
Jitendra