This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Finding user attempting to connect, but authentication fails too many times in a row

neil_ticktin_io
New Contributor

‎08-25-2023 09:09 AM

Hi,

Our Unleashed logs are littered with entries similar to this:

User[70:b3:06:xx:xx:xx] fails authentication too many times in a row when joining WLAN[ZYX-GA] at AP[AP-2-00-GA-1295@24:79:2a:xx:xx:xx]. User[70:b3:06:xx:xx:xx] is temporarily blocked from the system for [30 seconds].

From the timestamps, it appears to be an individual's phone that may have at one point known a Wi-Fi password, or somehow access the WLAN maybe when we were on a ZoneDirector prior to moving to Unleashed a few weeks ago. Since the user is not a device we manage, and isn't successfully accessing, I can't find an IP for it, or any other information ... I just know it's an Apple device from a MAC address lookup.

Any idea how to find info on this device?  or how to keep it from destroying the effectiveness of logs since it's continually trying to log into the Wi-Fi network? 


Thanks!

Neil

0 Kudos
3 REPLIES 3

Ayush_Tripathi
RUCKUS Team Member

‎08-25-2023 09:50 AM

Hello @neil_ticktin_io 

Please confirm the WLAN authentication type ? Is is hotspot service ?

Hotspot has a separate Intrusion Prevention mechanism which is not controlled by the WIPS cfg.  

You can disable it from unleashed WebUI>>Admin&Service>>Hostspot service>>Edit>>Uncheck Intrusion Prevention option.

If you are not using hotspot based WLAN, unleashed Web ui>>Admin&Service>>WIPS>Uncheck the option "Temporarily block wireless clients with repeated authentication failures"

To block the client permanently please refer the below link:-\

https://docs.commscope.com/bundle/unleashed-200.9-onlinehelp/page/GUID-F62E48B8-4905-45D0-A32F-30141...

0 Kudos

neil_ticktin_io
New Contributor
In response to Ayush_Tripathi

‎08-25-2023 10:17 AM

Hi Ayush, and thanks.

It's definitely NOT a Hotspot, as we don't have any. Will uncheck the temp block checkbox.

As for the permanent block, I don't see how that will work as they are never successfully connecting! 🙂 Is there a way to actually let them connect, so we can get more device info, even if they have the wrong password?

0 Kudos

Ayush_Tripathi
RUCKUS Team Member
In response to neil_ticktin_io

‎08-29-2023 03:08 AM

hello @neil_ticktin_io 

could you please configure the below option and check that particular client is able to connect or not.

unleashed Web ui>>Admin&Service>>WIPS>Uncheck the option "Temporarily block wireless clients with repeated authentication failures

 

0 Kudos
Copyright © 2024 Khoros, LLC