10-17-2011 09:46 AM - edited 07-03-2021 08:56 PM
I have a 5508 WLC and like 16 Access Points. Every thing is working and I'm just trying to fine tune some security. Here is what I want to do.
- Is there a way that I can lock down the LWAP joining process to the controller? For instance I have WLAN VLAN as 100, now if lets say there is a port on a switch that is on VLAN 100 and it is left on. I don't want any one to be able to take an un authorized LWAP and connect it to that port. Can this process be secured so if I need to add another LWAP I need to authorize it in the WLC before it can join?
- Secondly I was doing some research on MFP and AP Authentication. So it looks like MFP will encrypt the management frames but then the issue is we have lot of smart phone users and if that is enabled they won't be able to connect. However I am unable to get a clear understanding of AP Authentication can some one direct me in the right path or have short answer?
Thank you.
Solved! Go to Solution.
10-17-2011 01:57 PM
Can this process be secured so if I need to add another LWAP I need to authorize it in the WLC before it can join?
Put the authorized WAPs in an AP group. This way, if someone replaces your authorized WAP with something un-authorized, then that AP will go into a default AP Group, which, by your configuration will have NO SSID.
Does this answer your question?
10-17-2011 01:14 PM
Mohammed
You should probably move this thread to the Wireless Forums where you are more likely to get a quick answer to your question.
Jon
10-17-2011 01:18 PM
Eh thank you lol I thought I posted it under the Wireless but I guess not. Thank you for letting me know.
10-17-2011 01:57 PM
Can this process be secured so if I need to add another LWAP I need to authorize it in the WLC before it can join?
Put the authorized WAPs in an AP group. This way, if someone replaces your authorized WAP with something un-authorized, then that AP will go into a default AP Group, which, by your configuration will have NO SSID.
Does this answer your question?
10-17-2011 02:40 PM
Yes thank you, I can go that route it is pretty simple thing to do. Any thing on the MFP and AP Authorization ?
10-19-2011 08:31 PM
By the way I did this but the issue now is that I can still see the WLAN SSID showing up under default-AP group as well as the new group I created. How can I remove that SSID from the default group?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide