Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Limiting unintended client join, How?

Hi,

Im working with campus/university where dense wlan client per cell. However, not all client intend to use our network. Some of them just turn on thier wifi by default. Thier mobile attemp to join the web-authen (open) ssid unintended.

Im looking for the way to prevent or relieve some of unintended join to make our suystem more scalable.

Now the ap in specific area are much high ch utilized.

Im thinking for some kind of 802.1x. Or any method please let suggest.

Thank you,
Nipat

Sent from Cisco Technical Support iPhone App

4 REPLIES
Hall of Fame Super Silver

Re: Limiting unintended client join, How?

Using 802.1x is a good way as long as students and teachers or staff are in active directory. The issue you have still is with guest. This is always an open SSID that's broadcasting with some web authentication. You can prevent devices from joining this type of SSID. The only thing you can possibly do is lower the DHCP lease time to free up DHCP address or make sure your subnet is large enough to accommodate all these guest users who might use it or associate to the SSID but never authenticate.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Limiting unintended client join, How?

Yes you're right. But I got issue of high ch utilization which is very damage my system. This make system out of order mamy time a day. DHCP over whelm is not much concern. First I design to deploy small cell wlan to minimize the affect. If we also can prevent unintended client via authentication method or some kind. That's good. We're lovin to. We move to ISE by now. Users are in AD yet.

Please suggest,
Nipat

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: Limiting unintended client join, How?

There is no way to control if a client tries to associate to an SSID. Any open SSID you have is vulnerable to devices to automatically associate to that SSID. How you control channel utilization depends on your RF. You can limit the number of SSIDs, since you have ISE, you can reduce the number of wireless SSIDs to possible one. This would be another topic though. Other ways to reduce channel utilization is to tweak your TX power and data rates to create smaller cells and reduce too much overlap. The more SSIDs (beacons in the air), the more clients and the more overlap, will cause channel utilization to increase. You can possible use AP Groups to only have the guest SSID broadcasting in certain areas.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Silver

Re: Limiting unintended client join, How?

ISE is a good option but as suggested by scott you will have the issue of DHCP stravation and his solution with combination of ISE will help in minimizing the issue of capacity planning and controlling the access.

107
Views
0
Helpful
4
Replies
CreatePlease login to create content