Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC Client excluded - web authentication failed 3 times

Is there any more I can do with the following? The customer only has 4400 controllers and WCS' both on the highest firmware currently available...

An example of the alert generated in the event of an excessive authentication failure is as follows:

Client '08:60:6e:35:7c:29 (172.16.235.133)' which was associated with interface '802.11b/g/n' of AP '25CS-AP21-24SE' is excluded. The reason code is '5(Web Authentication failed 3 times.)'.

 

E-mail will be suppressed up to 30 minutes for these alarms.

 

I need clarification of the following so that a process can be put in place to show if it is possible to deal with potential threats/attempts to hack into the network as the customers security are not accepting notification only. Therefore please advise:

- What does ‘excluded’ mean in this scenario? Is the client permanently excluded or only temporarily?

- If the client is not permanently excluded - if there are multiple occurrences of this alert for the same client can the client be disabled via the WCS console?

- If necessary could e-mail suppression be turned off - for this alert only?

 

Hope you can help but I think they need Prime and ISE to satisfy their security concerns myself!

 

BR

 

Rockford

 

 

Everyone's tags (1)
120
Views
0
Helpful
0
Replies
CreatePlease to create content