Hi,
I have configured an open SSID with MAC-authentication. Its working fine for the users whose mac addresses are added on the controller's local database. However for other users which are failing attempting association on this open SSID, there are thousands of SNMP traps generated every hour. This is quite high a number.
Below is my configuration, please suggest if I am missing something in my configuration for achieving mac-authentication with open SSID.
Any suggestions, please let me know.
(WLC_0001) #show wlan virtual-ap OPEN-SSID-vap_prof
Virtual AP profile "OPEN-SSID-vap_prof"
-------------------------------------
Parameter Value
--------- -----
AAA Profile OPEN-SSID-aaa_prof
802.11K Profile default
Hotspot 2.0 Profile N/A
SSID Profile OPEN-SSID-ssid_prof
Virtual AP enable Enabled
VLAN 822
Forward mode tunnel
Allowed band all
Band Steering Disabled
Cellular handoff assist Disabled
Steering Mode balance-bands
Dynamic Multicast Optimization (DMO) Disabled
Dynamic Multicast Optimization (DMO) Threshold 6
Drop Broadcast and Unknown Multicast Disabled
Convert Broadcast ARP requests to unicast Enabled
Authentication Failure Blacklist Time 3600 sec
Blacklist Time 3600 sec
Deny inter user traffic Disabled
Deny time range N/A
DoS Prevention Disabled
HA Discovery on-association Enabled
Mobile IP Enabled
Preserve Client VLAN Disabled
Remote-AP Operation standard
Station Blacklisting Enabled
Strict Compliance Disabled
VLAN Mobility Disabled
WAN Operation mode always
FDB Update on Assoc Disabled
WMM Traffic Management Profile N/A
Anyspot profile N/A
(WLC_0001) # show aaa profile OPEN-SSID-aaa_prof
AAA Profile "OPEN-SSID-aaa_prof"
------------------------------
Parameter Value
--------- -----
Initial role denyall
MAC Authentication Profile OPEN-SSID-USERS-Altai
MAC Authentication Default Role guest
MAC Authentication Server Group internal
802.1X Authentication Profile dot1x_prof-iwj39
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
Download Role from CPPM Disabled
Set username from dhcp option 12 Disabled
L2 Authentication Fail Through Disabled
Multiple Server Accounting Disabled
User idle timeout N/A
Max IPv4 for wireless user 2
RADIUS Accounting Server Group N/A
RADIUS Interim Accounting Disabled
XML API server N/A
RFC 3576 server N/A
User derivation rules N/A
Wired to Wireless Roaming Enabled
SIP authentication role N/A
Device Type Classification Enabled
Enforce DHCP Disabled
PAN Firewall Integration Disabled
Open SSID radius accounting Disabled
(WLC_0001) #
(WLC_0001) #show wlan ssid-profile OPEN-SSID-ssid_prof
SSID Profile "OPEN-SSID-ssid_prof"
--------------------------------
Parameter Value
--------- -----
SSID enable Enabled
ESSID OPEN-SSID
Encryption opensystem
Enable Management Frame Protection Disabled
Require Management Frame Protection Disabled
DTIM Interval 1 beacon periods
802.11a Basic Rates 6 9
802.11a Transmit Rates 6 9 12 18 24 36 48 54
802.11g Basic Rates 2 5
802.11g Transmit Rates 2 5 6 9 11 12 18 24 36 48 54
Station Ageout Time 1000 sec
Max Transmit Attempts 8
RTS Threshold 2333 bytes
Short Preamble Enabled
Max Associations 64
Wireless Multimedia (WMM) Disabled
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave Enabled
WMM TSPEC Min Inactivity Interval 0 msec
Override DSCP mappings for WMM clients Disabled
DSCP mapping for WMM voice AC (0-63) N/A
DSCP mapping for WMM video AC (0-63) N/A
DSCP mapping for WMM best-effort AC (0-63) N/A
DSCP mapping for WMM background AC (0-63) N/A
Multiple Tx Replay Counters Disabled
Hide SSID Disabled
Deny_Broadcast Probes Disabled
Local Probe Request Threshold (dB) 0
Auth Request Threshold (dB) 0
Disable Probe Retry Enabled
Battery Boost Disabled
WEP Key 1 N/A
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
WPA Hexkey N/A
WPA Passphrase ********
Maximum Transmit Failures 0
EDCA Parameters Station profile N/A
EDCA Parameters AP profile N/A
BC/MC Rate Optimization Disabled
Rate Optimization for delivering EAPOL frames Enabled
Strict Spectralink Voice Protocol (SVP) Disabled
High-throughput SSID Profile OPEN-SSID-htssid_prof
802.11g Beacon Rate 12
802.11a Beacon Rate 12
Video Multicast Rate Optimization default
Advertise QBSS Load IE Disabled
Advertise Location Info Disabled
Advertise AP Name Disabled
802.11r Profile N/A
Enforce user vlan for open stations Disabled
Enable OKC Enabled
(WLC_0001) #