Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
859
Views
0
Helpful
5
Replies

WiSM configuration

Maro.Cisco
Level 1
Level 1

‎06-25-2013 04:55 AM - edited ‎07-04-2021 12:17 AM

Guyz i have 8 WLCs and i read recently about the managment frame protection which is currently disabled globally and on the WLAN its enabled optionally for Client MFP althought i dont have any clients that support 802.11W , if i enabled MFP globally would it provide me with the encryption of managment frames between APs and controller ???? and is it going to cause any problems ?????

Labels:
0 Helpful
5 Replies 5

George Stefanick
VIP Alumni
VIP Alumni

‎06-25-2013 05:11 AM

Marco,

Keep in mind the mgt frames arent encrypted with MFP. You can still see the layer 2 traffic with an analyzer. The value of MFP is so that clients will ignore certain frames if they arent sent from authorized access points.

Example suppose I walk into your office and run a deauth program kicking all your clients off the wifi. With MFP, your clients would ignore my deauth frame. Here is some more reading on the subject

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Maro.Cisco
Level 1
Level 1
In response to George Stefanick

‎06-25-2013 05:20 AM

it says in the link u gave me that ""With MFP, all management frames are cryptographically hashed to create a Message Integrity Check (MIC). The MIC is added to the end of the frame (before the Frame Check Sequence (FCS))."" So even if i didnt make any use of Client MFP , globally enabling MFP would take care of spoofed AP trying to communicate with my APs ?????

0 Helpful

Maro.Cisco
Level 1
Level 1
In response to Maro.Cisco

‎06-25-2013 05:22 AM

what im trying to understand here if i enabled MFP globally on all WLCs without having any clients supporting 802.11W would it actually make a difference or just better leave it disabled ???

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Maro.Cisco

‎06-25-2013 07:29 AM

Thats a great question. I am not 100% sure if there is any value from the an ap perspective. I am inclined to say no.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-25-2013 07:37 AM

Duplicate posts. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card