I'm wondering if anyone has suggestions for ways of preventing mobile devices from connecting to the WLAN. We are moving to a mainly Wireless LAN Controller-based infrastructure, so I'm focusing on possibilities with the WCS/WLC (and not worrying about IOS APs).
Our policy is to keep mobile devices off our WLAN, because we can't ensure their security (no standard patching or anti-virus solution for these devices). But users are able to config their mobile devices' wireless profiles to allow them to authenticate. So we can release all the policies we want.... policies don't keep them from connecting.
Because on the security concerns and the fact that they chew up IP addresses, I'm trying to figure out what we could do to keep them off our WLAN! Any ideas are welcome!
Note: our company is too big to entertain any MAC address filtering based on allowing known laptop MACs or blocking known mobile device MACs.
Machine authentication will prevent non-domain devices to authenticate successfully to the WLAN. If you don't broadcast the SSID an use a secure encryption/authentication method, then the deivce must successfully authenticate in order to obtain an ip address. If you use a L3 authentication method like Web-Auth or Pass-through, then the device will obtain an ip address in order to get the splash page.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...