Tuesday, December 22, 2009

Management Frame Protection (MFP) & WPS settings

[notes]
WPS is casually mentioned in and around enabling MFP and MFP settings, but I found a link to a list of error messages that seem to indicate what it is/does: LINK 
  • wireless protection policy (WPS)
    • List of "show wps" commands: LINK 
Seems that you can't enable  ap-authentication until MFP is disabled:
  • MFP must be disabled before AP neighbor authentication is enabled.
And when you enable ap-authentication, NTP must be enabled on all switches in a multi-switch environment:
  • Please enable NTP on all switches in a multi-switch environment.
    I found a nice thread on the Cisco Learning Network about MFP Settings 


    and then I found a totally sweet blog about Wireless LAN Security Best Practices and other assorted wireless stuff by Herbert Haas some of it is a bit dated, but some of it is still applicable: LINK


    Then I found the Infrastructure Management Frame Protection (MFP) with WLC and LAP Configuration Example document:
    LINK

    Found this too - the Lightweight Access Point (LAP) Authorization in a Cisco Unified Wireless Network Configuration Example: LINK

    No comments:

    Post a Comment