https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498349#M300854 <P>What solution for 802.1 x would stop the employees from just using their phone and authenticate there</P> Wed, 20 Sep 2023 16:41:56 GMT RandyK1 2023-09-20T16:41:56Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498345#M300850 <P>Unfortunately , the employee wifi password was shared with employees prior to my arrival . We now have a lot of personal devices connecting. What is the best method to resolve this? We have Azure AD </P> Tue, 19 Sep 2023 21:04:11 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498345#M300850 RandyK1 2023-09-19T21:04:11Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498346#M300851 <P>Change the password.</P> Tue, 19 Sep 2023 21:44:02 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498346#M300851 MerakiGnome 2023-09-19T21:44:02Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498347#M300852 <P>I would go one step further than <A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/1352">@DarrenOC</A> </P><P>Either move to 802.1X or, if you want to keep PSKs, push the passphrase to the clients with an MDM. That way the users can not read the password.</P><P>In addition to that, allow the users to connect their personal devices with a different SSID/profile with reduced connectivity to your internal network. </P> Tue, 19 Sep 2023 22:06:26 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498347#M300852 Karsten Iwen 2023-09-19T22:06:26Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498348#M300853 <P>I would convert the SSID to an IPSK without radius with a new and old PSK and remove the old password after an audit of the clients. Any device that is connecting to the Old PSK will stop working once the IPSK is removed that covers the old PSK. It's a nice way to rotate passwords without breaking connections entirely. <BR /><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS</A></P> Tue, 19 Sep 2023 23:03:03 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498348#M300853 leewalhovd 2023-09-19T23:03:03Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498349#M300854 <P>What solution for 802.1 x would stop the employees from just using their phone and authenticate there</P> Wed, 20 Sep 2023 16:41:56 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498349#M300854 RandyK1 2023-09-20T16:41:56Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498350#M300855 <P>Nothing when using Username/PW. But you would see which devices belong to which user and could issue "corrective actions" (whatever this will be). With certificates, the amount of criminal energy of the user will be much higher.</P> Wed, 20 Sep 2023 16:50:20 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498350#M300855 Karsten Iwen 2023-09-20T16:50:20Z https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498351#M300856 <P>802.1x auth can use many things to validate a device, for example, certificates on the device. Depending on control, or lack of control of the devices would determine what is appropriate. If you don't keep the certificate from users, as in they have admin access to the devices certificate authentication won't guarantee they can't move the certificate to another device to authenticate. <BR /><A href="https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#User_vs._Machine_Authentication" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_with_WPA2-Enterprise#User_vs._Machine_Authentication</A></P> Wed, 20 Sep 2023 16:56:08 GMT https://community.cisco.com/t5/wireless/limiting-personal-devices/m-p/5498351#M300856 leewalhovd 2023-09-20T16:56:08Z