About bakaholic39

bakaholic39 · 06-03-2025

Hi all!I have a question about WPA encryption. Does Cisco support AES (CCMP or GCMP) 256-bit on WPA2 Enterprise or WPA3 Enterprise (not 192-bit mode) on both AireOS WLC and C9800 WLC?Thanks.

bakaholic39 · 04-21-2025

Hi all!I just want to know is there a way to configure rate limit for authentication and association request to prevent the flood attack, either on AireOS and IOS-XE WLC.As in my understanding, this type of attack aims to AP's association table if th...

bakaholic39 · 02-11-2025

Hi all,In the following process of DFS on Cisco Wireless Network (Either AireOS or IOS-XE WLC)Could someone please confirm that I understand this correctly, particularly the 30-minute period of non-occupancy? 1.) DFS Non-Occupancy Period RulesWhen an...

bakaholic39 · 11-21-2024

Hi All,I have seen this log on Assurance indicating that some wireless clients are receiving the message 'Client Authentication failed due to M1 or M3 retransmit max retries.' I am unsure if this pattern of log messages is normal behavior for wireles...

bakaholic39 · 08-07-2024

Hello!I have an ASR1002-X and I want output like thisOr is there another way to display packet size statistics on ASR1002-X?Thanks!

bakaholic39 · 04-22-2025

Thanks for sharing, I see the Client Exclusion condition in the doc: Cisco Catalyst 9800 Series Configuration Best Practices - CiscoWould it be correct to say that Client Exclusion may not be effective against an authentication flood, but could help ...

bakaholic39 · 04-21-2025

Yeah, I understand how Client Exclusion works, it's an effective tool for preventing the same client from repeatedly failing authentication or association attempts. I'm also exploring additional ideas to mitigate a DDoS attack scenario based on the C...

bakaholic39 · 04-21-2025

Yep, I agree with that. However, Client Exclusion may has its limitations if a device experiences five consecutive 802.11 association failures, it will be marked as Excluded. Does this mean the WLC utilizes CPU resources to classify these failuresIn ...

bakaholic39 · 04-21-2025

Sure, the impact is disruptive to the wireless network, but I'm looking for a way to prevent it. If this flood is being sent by a single source device, and excluded clients feature may help mitigate it. However, if the attack comes from multiple sour...

bakaholic39 · 04-21-2025

Hi Saikat,Thanks for reply. Yes, I have DNAC integrated with 9800 WLC, and refer to the 2nd doc you provided, it's mentioned about Authentication flood is attacking to AP's association table.

Member Since	‎07-11-2023 02:35 AM
Date Last Visited	‎06-12-2025 01:28 AM
Posts	37
Total Helpful Votes Received	12

User Statistics

User Activity

WPA2-Enterprise with AES 256-bit

Authentication and Association flood attack.

AP behavior when detecting radar on DFS channels

Log message M1 or M4 max retries on DNA Assuarance

How to show packet size stats on ASR1002

Re: Authentication and Association flood attack.

Re: Authentication and Association flood attack.

Re: Authentication and Association flood attack.

Re: Authentication and Association flood attack.

Re: Authentication and Association flood attack.