Im working with campus/university where dense wlan client per cell. However, not all client intend to use our network. Some of them just turn on thier wifi by default. Thier mobile attemp to join the web-authen (open) ssid unintended.
Im looking for the way to prevent or relieve some of unintended join to make our suystem more scalable.
Now the ap in specific area are much high ch utilized.
Im thinking for some kind of 802.1x. Or any method please let suggest.
Using 802.1x is a good way as long as students and teachers or staff are in active directory. The issue you have still is with guest. This is always an open SSID that's broadcasting with some web authentication. You can prevent devices from joining this type of SSID. The only thing you can possibly do is lower the DHCP lease time to free up DHCP address or make sure your subnet is large enough to accommodate all these guest users who might use it or associate to the SSID but never authenticate.
Yes you're right. But I got issue of high ch utilization which is very damage my system. This make system out of order mamy time a day. DHCP over whelm is not much concern. First I design to deploy small cell wlan to minimize the affect. If we also can prevent unintended client via authentication method or some kind. That's good. We're lovin to. We move to ISE by now. Users are in AD yet.
There is no way to control if a client tries to associate to an SSID. Any open SSID you have is vulnerable to devices to automatically associate to that SSID. How you control channel utilization depends on your RF. You can limit the number of SSIDs, since you have ISE, you can reduce the number of wireless SSIDs to possible one. This would be another topic though. Other ways to reduce channel utilization is to tweak your TX power and data rates to create smaller cells and reduce too much overlap. The more SSIDs (beacons in the air), the more clients and the more overlap, will cause channel utilization to increase. You can possible use AP Groups to only have the guest SSID broadcasting in certain areas.
ISE is a good option but as suggested by scott you will have the issue of DHCP stravation and his solution with combination of ISE will help in minimizing the issue of capacity planning and controlling the access.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...