02-09-2014 07:01 PM - edited 07-05-2021 12:08 AM
Hi,
Im working with campus/university where dense wlan client per cell. However, not all client intend to use our network. Some of them just turn on thier wifi by default. Thier mobile attemp to join the web-authen (open) ssid unintended.
Im looking for the way to prevent or relieve some of unintended join to make our suystem more scalable.
Now the ap in specific area are much high ch utilized.
Im thinking for some kind of 802.1x. Or any method please let suggest.
Thank you,
Nipat
Sent from Cisco Technical Support iPhone App
02-09-2014 07:35 PM
Using 802.1x is a good way as long as students and teachers or staff are in active directory. The issue you have still is with guest. This is always an open SSID that's broadcasting with some web authentication. You can prevent devices from joining this type of SSID. The only thing you can possibly do is lower the DHCP lease time to free up DHCP address or make sure your subnet is large enough to accommodate all these guest users who might use it or associate to the SSID but never authenticate.
Sent from Cisco Technical Support iPhone App
02-10-2014 12:59 AM
Yes you're right. But I got issue of high ch utilization which is very damage my system. This make system out of order mamy time a day. DHCP over whelm is not much concern. First I design to deploy small cell wlan to minimize the affect. If we also can prevent unintended client via authentication method or some kind. That's good. We're lovin to. We move to ISE by now. Users are in AD yet.
Please suggest,
Nipat
Sent from Cisco Technical Support iPhone App
02-10-2014 03:19 AM
There is no way to control if a client tries to associate to an SSID. Any open SSID you have is vulnerable to devices to automatically associate to that SSID. How you control channel utilization depends on your RF. You can limit the number of SSIDs, since you have ISE, you can reduce the number of wireless SSIDs to possible one. This would be another topic though. Other ways to reduce channel utilization is to tweak your TX power and data rates to create smaller cells and reduce too much overlap. The more SSIDs (beacons in the air), the more clients and the more overlap, will cause channel utilization to increase. You can possible use AP Groups to only have the guest SSID broadcasting in certain areas.
Sent from Cisco Technical Support iPhone App
02-10-2014 03:20 AM
ISE is a good option but as suggested by scott you will have the issue of DHCP stravation and his solution with combination of ISE will help in minimizing the issue of capacity planning and controlling the access.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide