Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Client Exclusion

What are pros and cons of enabling / disabling client exclusion policies on a wlc?

3 REPLIES
VIP Purple

HiIf you enable this feature

Hi

If you enable this feature a wireless client will be excluded from the network for a configured amount of time.

1. Excessive 802.11 Association Failures—Clients are excluded on the sixth 802.11 association attempt, after five consecutive failures.
2. Excessive 802.11 Authentication Failures—Clients are excluded on the sixth 802.11 authentication attempt, after five consecutive failures.
3. Excessive 802.1X Authentication Failures—Clients are excluded on the fourth 802.1X authentication attempt, after three consecutive failures.
4. IP Theft or IP Reuse—Clients are excluded if the IP address is already assigned to another device.
5. Excessive Web Authentication Failures—Clients are excluded on the fourth web authentication attempt, after three consecutive failures.

If you do not want to client to be excluded (eg: sometime genuine user get excluded if he enter the wrong password more than 5 times) in those circumstances, you can disabled it.

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

Thanks for the response.  I

Thanks for the response.  I understand how it works I just wondered what the best practice was and why. 

VIP Purple

Best practices  is unique to

Best practices  is unique to a given environment.  If you have very controlled wifi user base, I would turn that off. 

If you  have large environment where users bring their own devices & connect, I would keep turn it on (to alerted who is trying to detect few sorts  of threats)

Pls do not forget to rate our responses if you find that is useful.

 

HTH

Rasika

 

98
Views
0
Helpful
3
Replies
CreatePlease to create content