Network Management

Reply
Occasional Contributor II

PCI Compliance Report and Wireless Guest Networks

Hello,

 

One of my customers has been observing the failure of the "Daily PCI Compliance Report" in Airwave (ver. 8.2.5). The failure is on point 4.1.1.  Use strong encryption in wireless networks.

 

When investigating further, I was able to discover that the failure was caused by wireless clients joining the Guest Wi-Fi which, of course, has no encryption at Layer 2.

 

Several APs are reporting the following message for various clients in the compliance section: "Client: XX:XX:XX:XX:XX:XX not using strong encryption."

 

My questions are:

 

1. Is this normal? Shouldn't PCI compliance take into account that Guest networks use HTTPS encryption at Layer 3?

2. Is it possible to run a report in Airwave only for non-guest wireless networks, so that it shows a pass instead of a fail?

 

I can provide additional details upon request.

 

Many thanks in advance,

 

Giuseppe Damiano/

Moderator

Re: PCI Compliance Report and Wireless Guest Networks

Under AMP Setup -> PCI Compliance -> 4.1.1 -> you can set toggle for 'ignore client sessions w/ specific role' = yes, and then input the role that the users get from that Guest SSID.  Hopefully the authentication is setup so that they get something that's easy to distinguish like 'guest-access-ok' instead of the universal 'authenticated' role.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: