Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4209
Views
55
Helpful
18
Replies

how to block WIFI network scan APP

W-ALI
Level 1
Level 1

‎07-21-2022 08:05 AM

Hello ,

does there any solution to prevent WIFI connected users from using any mobile applications like (Fing App) for wifi network scanner. .already I configured below ACL on WIFI connected port on switch  , but useless.

40 deny tcp 172.22.179.0 0.0.0.255 any eq 161
60 deny udp 172.22.179.0 0.0.0.255 any eq snmp
80 deny ip 172.22.179.0 0.0.0.255 172.22.179.0 0.0.0.255
100 permit ip any any

any solution ?

 

0 Helpful
18 Replies 18

Leo Laohoo
Hall of Fame
Hall of Fame
In response to W-ALI

‎07-23-2022 05:10 AM

@W-ALI wrote:

I'm just looking for the best practice to secure the WIFI with the capabilities currently available.

802.1x

patoberli
VIP Alumni
VIP Alumni
In response to W-ALI

‎07-25-2022 04:22 AM

Regarding MAC filtering. With a normal wireless sniffer, that can be installed on any laptop, for example Wireshark, you can simply capture a bit in promiscuous mode and you get all the client MAC addresses in the captured data. MAC addresses are no secret, they are more or less public. 

Because of that your best option is to use 802.1x with a Radius server that can limit the simultaneous logins per username/certificate to 1. 

But in the end I wouldn't do this, as more and more devices will want Wi-Fi. It's very soon that every user has a tablet, laptop, smart watch, .... which should be online. 

W-ALI
Level 1
Level 1
In response to patoberli

‎07-25-2022 04:57 AM

Thanks a lot  @patoberli for your input, really appreciated that,

yes that's true

the best solution 802.1X  , i will try to apply it with certificate

thanks mate

0 Helpful

Rich R
VIP
VIP

‎07-25-2022 04:48 AM

Agreed with @patoberli 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card