Mobile client strange behavior trying to connect
Good day.
In the log I see a lot of the same alerts saying that a client is trying to connect but failed as password is incorrect. I found that client (iPhone) and deleted saved network and connected him again successfully. Also I restarted the phone. Nevertheless I continued to receive such alerts in the log. Now I blocked its MAC and receive alerts saying that this MAC is still trying to connect but not it is blocked. I would like to ask maybe somebody have seen such behavior? Such connection attempts take APs resources and I would like to stop it at all. The employee with such phone obviously can't stop bringing it in the office so I need to find the reason there.
Thanks in advance
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @SMARTWAY
Thanks for posting here. Is this only happens on the mentioned iPhone?
Here are some suggestions:
1. Verify iPhone Settings Again
- Go to Settings → Wi-Fi → [Your Network] → Forget This Network (again).
- Disable Auto-Join for the network.
- Restart the iPhone
- Check Settings → General → VPN & Device Management for any enforced profiles.
2. Check for Wi-Fi Scanning Features
- Some apps (like Find My iPhone, Google Maps, or IoT apps) scan Wi-Fi even when not connected.
- Disable Location Services for Wi-Fi Networking (Settings → Privacy → Location Services → System Services → Networking & Wireless).
3. Network-Side Mitigation
- Since you've already blocked the MAC, ensure your AP is properly enforcing the block.
- Some APs allow Silent Drop instead of sending rejection messages (reduces retries).
- Enable Client Isolation (if available) to prevent the device from interacting further.
- Consider rate-limiting connection attempts from suspicious MACs.
4. Check for Rogue DHCP or Authentication Issues
- If using RADIUS/802.1X, verify logs to see if the iPhone is failing silently.
- Ensure no other device is accidentally using the same MAC.
- Copy Link
- Report Inappropriate Content
Hi @SMARTWAY
Thanks for posting here. Is this only happens on the mentioned iPhone?
Here are some suggestions:
1. Verify iPhone Settings Again
- Go to Settings → Wi-Fi → [Your Network] → Forget This Network (again).
- Disable Auto-Join for the network.
- Restart the iPhone
- Check Settings → General → VPN & Device Management for any enforced profiles.
2. Check for Wi-Fi Scanning Features
- Some apps (like Find My iPhone, Google Maps, or IoT apps) scan Wi-Fi even when not connected.
- Disable Location Services for Wi-Fi Networking (Settings → Privacy → Location Services → System Services → Networking & Wireless).
3. Network-Side Mitigation
- Since you've already blocked the MAC, ensure your AP is properly enforcing the block.
- Some APs allow Silent Drop instead of sending rejection messages (reduces retries).
- Enable Client Isolation (if available) to prevent the device from interacting further.
- Consider rate-limiting connection attempts from suspicious MACs.
4. Check for Rogue DHCP or Authentication Issues
- If using RADIUS/802.1X, verify logs to see if the iPhone is failing silently.
- Ensure no other device is accidentally using the same MAC.
- Copy Link
- Report Inappropriate Content
Hi there. Many thanks for the suggestion. What I'm trying to understand is that each time this device tries to connect - controller denies it and spends its resources on it. Assuming there are hundreds of such attempts it might be quite bad for it. So in fact it can be situation when a set of devices try to connect with initially wrong password and by doing it they just bring controller or APs down DDOSing it. Is there a mechanism to block it but not spending resources on it?
Best regards
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 208
Replies: 2
Voters 0
No one has voted for it yet.