Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all!I have a question about WPA encryption. Does Cisco support AES (CCMP or GCMP) 256-bit on WPA2 Enterprise or WPA3 Enterprise (not 192-bit mode) on both AireOS WLC and C9800 WLC?Thanks.
Hi all!I just want to know is there a way to configure rate limit for authentication and association request to prevent the flood attack, either on AireOS and IOS-XE WLC.As in my understanding, this type of attack aims to AP's association table if th...
Hi all,In the following process of DFS on Cisco Wireless Network (Either AireOS or IOS-XE WLC)Could someone please confirm that I understand this correctly, particularly the 30-minute period of non-occupancy? 1.) DFS Non-Occupancy Period RulesWhen an...
Hi All,I have seen this log on Assurance indicating that some wireless clients are receiving the message 'Client Authentication failed due to M1 or M3 retransmit max retries.' I am unsure if this pattern of log messages is normal behavior for wireles...
I have both, and I’m wondering, rather than configuring complex SGTs or SGACLs, can traditional way like Airespace ACL Name still work with SDA wireless.
Thanks for replying, do you have any insights on SD-Access wireless? Can this method be used to enforce ACLs for clients in an SD-Access Wireless environment?
In order to use an ACL name, in the ISE authorization profile, should I select Airespace ACL Name or use a specific AV pair? Additionally, on the WLC, is there any mandatory configuration apart from creating an ACL with the same name as defined in IS...
Thanks for sharing, I see the Client Exclusion condition in the doc: Cisco Catalyst 9800 Series Configuration Best Practices - CiscoWould it be correct to say that Client Exclusion may not be effective against an authentication flood, but could help ...
Yeah, I understand how Client Exclusion works, it's an effective tool for preventing the same client from repeatedly failing authentication or association attempts. I'm also exploring additional ideas to mitigate a DDoS attack scenario based on the C...
