Absolutely drop the legacy rates, and stretching the auth timers is a safe bet. The client exclusion thing is one of those topics that ticks me off a bit. We need to use exclusion, or our auth servers get pounded by clients that are either misconfigured or not yet configured right (or may have no interest in our secure WLAN but hitting it incidentally), but Cisco gives you no flexibility in the triggering. 3 fails and exclusion kicks in. It’s not all that uncommon for a healthy client to have 3 fails before they get it right, and so this should have some flexibility to it, but I have yet to hear any interest from Cisco in changing it and their “throw your suggestions into the Ignore Box” feature request system isn’t really bringing me satisfaction.
-Lee Badman From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hurt,Trenton W. Sent: Wednesday, September 11, 2013 1:31 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco wlc tweaks What are folks thoughts that are running Cisco regarding these suggested tweaks? I'm always hesitant to mess with anything that might fix one but break another. https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1304&L=WIRELESS-ADMIN&D=0&P=4218 Sent from my iPhone