MAC filtering with ACS - causing a ton of authentication attempts
We are doing MAC filtering on an open SSID (no layer 2 security). There are currently about 1200 MAC addresses defined in the filter list but due to scalability reasons, we moved the list of MAC addresses to the ACS authentication server.
The problem is when RADIUS servers is enabled for this open SSID, not only do the authorized clients authenticate against the RADIUS server, but so do all the unauthorized clients, who are not part of the MAC filter list. Since it is an open SSID, anybody with a smart phone tries connecting. This generates, literally MILLIONS of authentication attempts to the ACS servers, with the resulting log files. Clients are authenticating 3 to 4 times each second, all day long.
An attempt was made to enable the client exclusion feature on the SSID, to put clients into a temporary exclusion state, so that they don't overwhelm the authentication servers. However, we have been told that this mechanism doesn't work, due to some internal timers within the controller.
Is there any way we can perform the MAC-based authentication against our ACS servers, without overwhelming them with millions of unauthorized authentication attempts?
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...