7

I'm looking at enabling 802.11k on my Cisco WLC. I see that it is a per-WLAN feature and that leads me to wonder if there might be any reason to not enable it? Specifically, does anyone know if there are security issues with providing clients the 802.11k neighbor list? if so, should i consider omitting 802.11k from my guest SSID?

David
  • 315
  • 1
  • 4

2 Answers2

7

I see no reason not to enable it if your WLC/AP's support it.

At the end of the day the neighbour list is only populated with neighbours that are under the same administrative control as the original AP and so it doesn't really open you up any more than a usual WiFi connection would.

David Rothera
  • 2,788
  • 15
  • 20
5

802.11k is no greater security risk than a normal wireless network without 802.11k. Since the clients can already probe for your access points, this information is already available.

It can actually be a bit more secure as the information provided to the client will not include any rogue APs, so they will be less likely to be chosen.

The only reason I can think of for not enabling it is that there have been cases where client devices with older drivers (or where driver devs haven't taken into account 802.11k) may not handle 802.11k well which can lead to problems (disconnects mainly).

YLearn
  • 27,141
  • 5
  • 59
  • 128
  • that's kinda what i had been thinking i had been under the impression however that 802.11k was just ignored by incompatible clients. do you know of any resource for determining which clients may incur disruption from 802.11k? i really want to improve the experience for my users with the newest tech (upper management especially) but i can't afford to create problems for the gen. pop. – David Jun 17 '13 at 04:52
  • I have never run across problems personally, I have only heard of cases second hand through other communities (I believe in this case it was [Aruba Airheads](http://community.arubanetworks.com/) or [Ubiquiti Forums](http://community.ubnt.com/t5/custom/page/page-id/Forums)) where disabling 802.11k stopped disconnects. – YLearn Jun 17 '13 at 04:57