Configuring Management Frame Protection
•
You can globally configure MFP on a controller. When you do so, management frame protection and
validation are enabled by default for each joined access point, and access point authentication is
automatically disabled. Once MFP is globally enabled on a controller, you can disable and re-enable it
for individual WLANs and access points.
Access points support MFP in local and monitor modes and in REAP and H-REAP modes when the
Note
access point is connected to a controller.
You can configure MFP through either the GUI or the CLI.
Using the GUI to Configure MFP
Follow these steps to configure MFP using the controller GUI.
Click Security and then AP Authentication/MFP under Wireless Protection Policies. The AP
Step 1
Authentication Policy page appears (see
Figure 5-6
To enable MFP globally for the controller, choose Management Frame Protection from the Protection
Step 2
Type drop-down box.
Click Apply to commit your changes.
Step 3
Cisco Wireless LAN Controller Configuration Guide
5-14
Event reporting—The access point notifies the controller when it detects an anomaly, and the
controller aggregates the received anomaly events and can report the results through SNMP traps to
alert the network manager.
AP Authentication Policy Page
Figure
5-6).
Chapter 5
Configuring Security Solutions
OL-9141-03