Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
5
Helpful
1
Replies

WLC 5520 setting - authentication of clients laptop

Barry Landon
Level 1
Level 1

‎06-22-2020 09:04 AM - edited ‎07-05-2021 12:12 PM

A client today was able to connect to the WLC via ap as normal.  The user was then able to unauthenticated the device and connect to a spoofed SSID. What blocked him to go any further was PEAP to Cisco ISE.  Question is, is there a setting within the WLC that can be enabled which detects a source client authentication and unauthenticated itself and then the client is dropped.  An added security measure.   

Labels:
0 Helpful
1 Reply 1

patoberli
VIP Alumni
VIP Alumni

‎06-23-2020 06:33 AM

That is all handled by your radius server, if I understood your question correct. The WLC will simply forward the authentication request to the radius.
I suggest using correctly signed certificates on the radius, then the client should not connect to a spoofed ssid with spoofed radius server (which shouldn't have the same hostname/certificate combination). This of course requires the enabled "Validate certificate" setting, something that is often disabled on Android (but enabled by default on Windows or Apple OS).
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card