How to De-authentication attacks in Cisco WLC

mohan.doss19 · ‎02-09-2019

Hi,

I want to know, how to prevent de-authentication attacks in Cisco WLC ( 2504 & 5760 )

marce1000 · ‎02-09-2019

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110100.pdf

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Haydn Andrews · ‎02-10-2019

If your trying to protect against them then you can look at MFP (but you need CCXv5 clients which there are none I know of) or use 802.11w

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/212576-configure-802-11w-management-frame-prote.html

Keep in mind that this will only help out for clients that support 802.11w

I would also look at other things to identify when a de-auth attack is happening, so you can if it is happening, and identify where.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

ammahend · ‎02-10-2019

most WLCs come with 17 built in signature, one of the signature is to look for deauth type attacks over the air, you can see the full list under security>standard signatures.

to start with you can enable it, customize it and monitor it under security>Wireless Protection Policies > Signature Events Summary.

The attack is only detected on the channel AP is operating on unless you have dedicated AP monitoring entire spectrum.

you can learn more about configuration here ..

https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0111111.html

-hope this helps-

mohan.doss19 · ‎02-12-2019

Thanks for details. Are these built-in signatures available on Cisco AIR-CT5760 WLC