cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
850
Views
0
Helpful
5
Replies

WLC user authentication and SSID broadcast

mahesh18
Level 6
Level 6

               Hi Everyone,

Need to confirm if WLC  is sending the ssid as broadcast or not?

Also if users connect if they get the ip from dhcp need to confirm how they are getting authenticated?

Regards

Mahesh   

2 Accepted Solutions

Accepted Solutions

Hi Mahesh..

In CLI "show wlan " tells you all the featured configured on that SSID. If it says "Broadcast SSID" feature enabled then it is boradcast & any user can see it. (see below)

(4402-3) >show wlan 4

WLAN Identifier.................................. 4

Profile Name..................................... Voice02

Network Name (SSID).............................. Voice02

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

Also "show client summary " output tells you who are authenticated clients. See below

(WLC) >show client summary

Number of Clients................................ 29

MAC Address       AP Name           Slot Status        WLAN  Auth Protocol         Port Wired PMIPV6 Role

----------------- ----------------- ---- ------------- ----- ---- ---------------- ---- ----- ------ ----------------

08:37:3d:ef:01:51 10.10.6.244        N/A Associated     15   No   Mobile           13   No    No     Export Anchor  

10:68:3f:36:f2:a8 OE-AP002-HARI      1   Associated     1   Yes  802.11a          13   No    No     Local     

You can use "show client detail " for more about authentication detail

(WLC) >show client detail 10:68:3f:36:f2:a8

Client MAC Address............................... 10:68:3f:36:f2:a8

Client Username ................................. abc

AP MAC Address................................... 00:3a:98:00:85:20

AP Name.......................................... OE-AP002-HARI    

AP radio slot Id................................. 1 

Client State..................................... Associated    

Client NAC OOB State............................. Access

Wireless LAN Id.................................. 1 

Hotspot (802.11u)................................ Not Supported

BSSID............................................ 00:3a:98:00:85:2e 

Connected For ................................... 1126 secs

Channel.......................................... 161

IP Address....................................... 149.144.156.7

Gateway Address.................................. 149.144.159.250

Netmask.......................................... 255.255.252.0

Association Id................................... 1 

Authentication Algorithm......................... Open System

Reason Code...................................... 1 

Status Code...................................... 0 

Client CCX version............................... No CCX support

Re-Authentication Timeout........................ 654

QoS Level........................................ Platinum

HTH

Rasika

View solution in original post

You need to post your show WLAN this will show you how that WLAN is setup for authentication. Open authentication means no encryption.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

5 Replies 5

Hi Mahesh..

In CLI "show wlan " tells you all the featured configured on that SSID. If it says "Broadcast SSID" feature enabled then it is boradcast & any user can see it. (see below)

(4402-3) >show wlan 4

WLAN Identifier.................................. 4

Profile Name..................................... Voice02

Network Name (SSID).............................. Voice02

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

Also "show client summary " output tells you who are authenticated clients. See below

(WLC) >show client summary

Number of Clients................................ 29

MAC Address       AP Name           Slot Status        WLAN  Auth Protocol         Port Wired PMIPV6 Role

----------------- ----------------- ---- ------------- ----- ---- ---------------- ---- ----- ------ ----------------

08:37:3d:ef:01:51 10.10.6.244        N/A Associated     15   No   Mobile           13   No    No     Export Anchor  

10:68:3f:36:f2:a8 OE-AP002-HARI      1   Associated     1   Yes  802.11a          13   No    No     Local     

You can use "show client detail " for more about authentication detail

(WLC) >show client detail 10:68:3f:36:f2:a8

Client MAC Address............................... 10:68:3f:36:f2:a8

Client Username ................................. abc

AP MAC Address................................... 00:3a:98:00:85:20

AP Name.......................................... OE-AP002-HARI    

AP radio slot Id................................. 1 

Client State..................................... Associated    

Client NAC OOB State............................. Access

Wireless LAN Id.................................. 1 

Hotspot (802.11u)................................ Not Supported

BSSID............................................ 00:3a:98:00:85:2e 

Connected For ................................... 1126 secs

Channel.......................................... 161

IP Address....................................... 149.144.156.7

Gateway Address.................................. 149.144.159.250

Netmask.......................................... 255.255.252.0

Association Id................................... 1 

Authentication Algorithm......................... Open System

Reason Code...................................... 1 

Status Code...................................... 0 

Client CCX version............................... No CCX support

Re-Authentication Timeout........................ 654

QoS Level........................................ Platinum

HTH

Rasika

Hi Rasika,

If  we see below

Client Username ................................. Cisco1

Authentication Algorithm......................... Open System

does it mean that clients use no password for authentication?

here Cisco1 can be username of there PC  right ?

Regards

Mahesh

You need to post your show WLAN this will show you how that WLAN is setup for authentication. Open authentication means no encryption.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

With respect to username you are correct.

But regarding authentication you cannot come to a conclusion like that, You have to see the full "show client detail " . Here is an example of PEAP authenticated client. Authentication algorithm open system does not mean user does not use password. Any EAP method  Authentication Algorithm show as open system, but still user has to enter their credential (except TLS where it is certificate based)

(WLC) >show client detail 04:1e:64:13:f9:03

Client MAC Address............................... 04:1e:64:13:f9:03

Client Username ................................. smcowgill

AP MAC Address................................... c4:0a:cb:a0:e8:50

AP Name.......................................... APc464.13b4.4be8 

Client State..................................... Associated    

Client NAC OOB State............................. Access

Wireless LAN Id.................................. 2 

Hotspot (802.11u)................................ Not Supported

BSSID............................................ c4:0a:cb:a0:e8:51 

Connected For ................................... 7520 secs

Channel.......................................... 1 

.

.

.

Association Id................................... 1 

Authentication Algorithm......................... Open System

Reason Code...................................... 1 

Status Code...................................... 0 

Client CCX version............................... No CCX support

Re-Authentication Timeout........................ 3284

802.1P Priority Tag.............................. 6

CTS Security Group Tag........................... Not Applicable

KTS CAC Capability............................... No

WMM Support...................................... Enabled

  APSD ACs.......................................  BK  BE  VI  VO

Power Save....................................... ON

Current Rate..................................... 54.0

Supported Rates.................................. 12.0,18.0,24.0,36.0,48.0,54.0

Mobility State................................... Foreign

Mobility Anchor IP Address....................... 10.14.7.247

Mobility Move Count.............................. 3

Security Policy Completed........................ Yes

Policy Manager State............................. RUN

Policy Manager Rule Created...................... Yes

Audit Session ID................................. 0a0a06f400040f985228de2e

IPv4 ACL Name.................................... none

IPv4 ACL Applied Status.......................... Unavailable

IPv6 ACL Name.................................... none

IPv6 ACL Applied Status.......................... Unavailable

Client Type...................................... SimpleIP

PMIPv6 State..................................... Unavailable

mDNS Status...................................... Enabled

mDNS Profile Name................................ default-mdns-profile

No. of mDNS Services Advertised.................. 0

Policy Type...................................... WPA2

Authentication Key Management.................... 802.1x

Encryption Cipher................................ CCMP (AES)

Protected Management Frame ...................... No

Management Frame Protection...................... No

EAP Type......................................... PEAP

Hi Scott & Rasika,

Thanks for your help.

I can check now method of Authentication config on wlan

Regards

MAhesh

Review Cisco Networking for a $25 gift card