Containment only prevents NEW client connections-Existing clients stay on

Unanswered Question

Recently discovered something about containment: Containing an existing rogue client will only prevent it from reconnecting later. It does NOT knock off the existing client from the AP.

Containing a rogue AP will only prevent NEW connections from being made (i.e.: roams, re-connections, etc.)

Maybe this was commonly known, however it was news to me.

Isn't there any way to bump an existing client off the system?

- John

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbayuka Tue, 08/14/2007 - 13:54

Configure Radius server for access point,. Consider implementing EAP.

Unfortunately, that will have no bearing on the fact that when you contain foreign, rogue APs, any of your trusted wireless clients that may happen to already be attached to them will not be knocked off of the rogue AP.

The point of the original post was this:

Don't assume that by implementing containment that you are knocking off clients who have already connected to a rogue AP. You will only prevent new clients from attaching.

Since there is no message from the WLC/WCS system stating that existing rogue clients will not be affected until they roam or disassociate/reassociate from the rogue AP, it is easy to assume (as I did) that containment "jams" existing wireless clients. This could easily lead to a false sense of security.

- John


This Discussion



Trending Topics - Security & Network