Lightweight AP set into holding state?

Unanswered Question
Dec 2nd, 2008
User Badges:

When i plug an LAP into my network it sees the DNS entry for the WLC and associates itself with it and picks up all the defined WLANS on the WLC and advertises and provides them.


Ideally, I'd like each and every LAP to associate but then pick up no WLANS until I decide to move it into a particular AP group.


It seems terribly unsecure the way that I'm doing it now and I'm sure there must be an alternative.


At present, there's nothing stopping a third party plugging in their own LAP and getting wifi access wherever they choose from within my network.


Any ideas?


Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gamccall Tue, 12/02/2008 - 08:53
User Badges:
  • Silver, 250 points or more

Well, the way to stop unauthorized APs is to use the AP Authorization List feature and code in the mac addresses of all your authorized APs; this will cause the controllers to reject join requests from any AP which isn't on the list.


In the 5.2 release, you might be able to set up the default AP group with no WLANs, and then manually assign your APs to other AP groups with the appropriate WLAN assignments. I haven't played with this feature yet, though.

LCC-IT Thu, 12/04/2008 - 08:17
User Badges:

that's exactly what I'd expect you can do, but it seems that the default group gets populated with every WLAN that you've configured on the WLC. As yet, I can't see how to alter this.

dziminski Tue, 12/02/2008 - 09:42
User Badges:

Alternatively, you could not use the DNS method for provisioning access points. If you use DHCP option 43, you can have more control over which APs get the option template with the controller addresses.

Actions

This Discussion

 

 

Trending Topics - Security & Network