Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
4
Replies

Limiting unintended client join, How?

n.poongsawad
Level 1
Level 1

‎02-09-2014 07:01 PM - edited ‎07-05-2021 12:08 AM

Hi,

Im working with campus/university where dense wlan client per cell. However, not all client intend to use our network. Some of them just turn on thier wifi by default. Thier mobile attemp to join the web-authen (open) ssid unintended.

Im looking for the way to prevent or relieve some of unintended join to make our suystem more scalable.

Now the ap in specific area are much high ch utilized.

Im thinking for some kind of 802.1x. Or any method please let suggest.

Thank you,
Nipat

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
4 Replies 4

Scott Fella
Hall of Fame
Hall of Fame

‎02-09-2014 07:35 PM

Using 802.1x is a good way as long as students and teachers or staff are in active directory. The issue you have still is with guest. This is always an open SSID that's broadcasting with some web authentication. You can prevent devices from joining this type of SSID. The only thing you can possibly do is lower the DHCP lease time to free up DHCP address or make sure your subnet is large enough to accommodate all these guest users who might use it or associate to the SSID but never authenticate.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

n.poongsawad
Level 1
Level 1
In response to Scott Fella

‎02-10-2014 12:59 AM

Yes you're right. But I got issue of high ch utilization which is very damage my system. This make system out of order mamy time a day. DHCP over whelm is not much concern. First I design to deploy small cell wlan to minimize the affect. If we also can prevent unintended client via authentication method or some kind. That's good. We're lovin to. We move to ISE by now. Users are in AD yet.

Please suggest,
Nipat

Sent from Cisco Technical Support iPhone App

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to n.poongsawad

‎02-10-2014 03:19 AM

There is no way to control if a client tries to associate to an SSID. Any open SSID you have is vulnerable to devices to automatically associate to that SSID. How you control channel utilization depends on your RF. You can limit the number of SSIDs, since you have ISE, you can reduce the number of wireless SSIDs to possible one. This would be another topic though. Other ways to reduce channel utilization is to tweak your TX power and data rates to create smaller cells and reduce too much overlap. The more SSIDs (beacons in the air), the more clients and the more overlap, will cause channel utilization to increase. You can possible use AP Groups to only have the guest SSID broadcasting in certain areas.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

kaaftab
Level 4
Level 4

‎02-10-2014 03:20 AM

ISE is a good option but as suggested by scott you will have the issue of DHCP stravation and his solution with combination of ISE will help in minimizing the issue of capacity planning and controlling the access.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card