We use PEAP/MSCHAPv2 for client AND user authentication. Wireless users and clients will be authenticated by the ACS by asking a ADS usergroup membership. Only authenticated users on authenticated clients should have access to LAN ressources protected by the wlan controller. If the wireless client use the WZC and the logged on user is not a member of the user group he will not be authenticated and blocked by the wlan controller. But if the wireless client use the actual "Intel Wireless Pro Set" AND the user is not a member of the ADS group the ACS drop the user authentication request, but few seconds later the user will have nevertheless access to internal resources.
In this case I think the user authentication request will not right handled by the ACS so authenticated client will have access through the wlan controller and a not ACS authenticated user will have access to lan ressources by his local cached user credentials.
Is there a possible security leak or have I a configuration problem?
IntroductionHow to use the Wireless LAN Controller Configuration Analyzer (WLCCA)
Javier Contreras is a Senior Tech Lead for the Wireless Business Unit in Cisco, with over 2 decades of experi...
< PRE >
(#)For this reason being that : - application that doesn't use multicast, sends one copy of each packet ( data unit of traffic at layer 3 ) to each client (" who seeks the traffic ).- application that does use multicast, sends ...
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...