cancel
Showing results for 
Search instead for 
Did you mean: 

Finding user attempting to connect, but authentication fails too many times in a row

neil_ticktin_io
New Contributor

Hi,

Our Unleashed logs are littered with entries similar to this:

User[70:b3:06:xx:xx:xx] fails authentication too many times in a row when joining WLAN[ZYX-GA] at AP[AP-2-00-GA-1295@24:79:2a:xx:xx:xx]. User[70:b3:06:xx:xx:xx] is temporarily blocked from the system for [30 seconds].

From the timestamps, it appears to be an individual's phone that may have at one point known a Wi-Fi password, or somehow access the WLAN maybe when we were on a ZoneDirector prior to moving to Unleashed a few weeks ago. Since the user is not a device we manage, and isn't successfully accessing, I can't find an IP for it, or any other information ... I just know it's an Apple device from a MAC address lookup.

Any idea how to find info on this device?  or how to keep it from destroying the effectiveness of logs since it's continually trying to log into the Wi-Fi network? 


Thanks!

Neil

3 REPLIES 3

Ayush_Tripathi
RUCKUS Team Member

Hello @neil_ticktin_io 

Please confirm the WLAN authentication type ? Is is hotspot service ?

Hotspot has a separate Intrusion Prevention mechanism which is not controlled by the WIPS cfg.  

You can disable it from unleashed WebUI>>Admin&Service>>Hostspot service>>Edit>>Uncheck Intrusion Prevention option.

If you are not using hotspot based WLAN, unleashed Web ui>>Admin&Service>>WIPS>Uncheck the option "Temporarily block wireless clients with repeated authentication failures"

To block the client permanently please refer the below link:-\

https://docs.commscope.com/bundle/unleashed-200.9-onlinehelp/page/GUID-F62E48B8-4905-45D0-A32F-30141...

Hi Ayush, and thanks.

It's definitely NOT a Hotspot, as we don't have any. Will uncheck the temp block checkbox.

As for the permanent block, I don't see how that will work as they are never successfully connecting! 🙂 Is there a way to actually let them connect, so we can get more device info, even if they have the wrong password?

hello @neil_ticktin_io 

could you please configure the below option and check that particular client is able to connect or not.

unleashed Web ui>>Admin&Service>>WIPS>Uncheck the option "Temporarily block wireless clients with repeated authentication failures