WiSM

Maro.Cisco · ‎06-25-2013

guyz if i enabled managment frame protection (MFP) globally on all WLCs without having any clients supporting 802.11W would it actually make a difference in security or just better leave it disabled ???

Scott Fella · ‎06-25-2013

Well it's best to only enable features that client devices also support or else clients might not connect or have issues connecting.

802.11w is supported in v7.4 and if you have a WiSM1, that controller can only support up to v7.0x. Cisco's MFP is supported but not the true standard 802.11w.

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn74.html#wp784178

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Maro.Cisco · ‎06-25-2013

but incase if i had MFP enabled globally i can still have the client MFP set to optional meaning that if a client tried to connect while not supporting MFP then still will have no problems connecting. but what i wanna make sure if enabling it globally would protect my AP against for example hacker masquerading as an infrastructure AP and attempting to communicate with other APs will be dropped ???

Scott Fella · ‎06-25-2013

I wouldn't read into features too much. You can enable it globally and the individual WLAN or AP MFP can be override.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Leo Laohoo · ‎06-25-2013

Duplicate posts.