
Securing LWAP joining to WLC

ALIAOF_
Level 6

I have a 5508 WLC and like 16 Access Points. Everything is working and I'm just trying to fine-tune some security. Here is what I want to do.

- Is there a way that I can lock down the LWAP joining process to the controller? For instance, I have WLAN VLAN as 100, now if let's say there is a port on a switch that is on VLAN 100 and it is left on. I don't want anyone to be able to take an unauthorized LWAP and connect it to that port. Can this process be secured so if I need to add another LWAP I need to authorize it in the WLC before it can join?

- Secondly, I was doing some research on MFP and AP Authentication. So it looks like MFP will encrypt the management frames, but then the issue is we have a lot of smartphone users and if that is enabled they won't be able to connect. However, I am unable to get a clear understanding of AP Authentication. Can someone direct me to the right path or have a short answer?

Thank you.

1 Accepted Solution


Can this process be secured so if I need to add another LWAP I need to authorize it in the WLC before it can join?

Put the authorized WAPs in an AP group. This way, if someone replaces your authorized WAP with something unauthorized, then that AP will go into a default AP Group, which, by your configuration, will have NO SSID.

Does this answer your question?

5 Replies

Jon Marshall
Hall of Fame

Mohammed

You should probably move this thread to the Wireless Forums where you are more likely to get a quick answer to your question.

Jon

Eh thank you lol I thought I posted it under the Wireless but I guess not.  Thank you for letting me know.

Yes, thank you, I can go that route; it is a pretty simple thing to do. Anything on the MFP and AP Authorization?

By the way I did this but the issue now is that I can still see the WLAN SSID showing up under default-AP group as well as the new group I created.  How can I remove that SSID from the default group?
