Preventing Brute Force Attacks in Cisco WCS Lobby Ambassador Feature

D.

To ensure that web authentication for guest access is not susceptible to brute force attacks when using the Cisco WCS Lobby Ambassador feature, the best approach would be to implement web authentication max retries on the terminating WLAN (Wireless LAN).

Web authentication max retries is a feature that sets the maximum number of times that a client can attempt to authenticate before being locked out. By setting a reasonable limit on the number of attempts, it can prevent attackers from using automated tools to guess login credentials through a brute force attack.

Configuring web authentication max retries on the WCS (Wireless Control System) would limit the number of authentication attempts for all WLANs, including those that are not used for guest access. Therefore, this option may not be the best fit for this specific scenario.

Implementing a CPU (Central Processing Unit) ACL (Access Control List) on the terminating WL (Wireless LAN) would not directly address the issue of brute force attacks. A CPU ACL is designed to limit the traffic that is processed by the CPU of the AP (Access Point), and it is typically used to prevent Denial-of-Service (DoS) attacks.

Configuring client exclusion would not be the best solution either because it would simply exclude clients from accessing the WLAN after a certain number of authentication failures, rather than preventing the attacks from occurring in the first place.

Therefore, the correct answer would be to configure web authentication max retries on the terminating WLAN. This can be achieved by logging into the WLAN controller or AP, navigating to the WLAN configuration page, and setting the maximum number of retries for web authentication. The value should be set to a reasonable number that allows legitimate users to authenticate without interruption but also prevents brute force attacks.